Introduction

ACV Auctions is out to “fundamentally change the wholesale automotive industry by providing a level of trust and transparency that was once unimaginable.” Becoming the industry’s premier wholesale automobile auction site requires rapid innovation and software development lifecycles (SDLC) with continuous integration/continuous delivery (CI/CD) pipelines. The ACV information security team is tasked with protecting the software factory that drives their business, and they use Legit Security to help create and maintain a secure and sustainable process for developing new and innovative software.

 

Challenge

ACV Auctions was struggling to analyze, secure, and track changes across each stage of the SDLC. They needed an inventory of the SDLC systems and infrastructure in place, a deep awareness of operational security controls, and an understanding of which regulatory requirements were being adhered to and which might be drifting out of compliance.

 

ACV Auctions Needed

  • Observability into their SDLC and CI/CD processes
  • Relevant context to prioritize AppSec activities
  • Visibility into security controls and compliance drift
  • Automation of repetitive, lower-skill work


The Legit Solution

ACV Auctions selected Legit Security after a platform evaluation demonstrated that it met their requirements for observability and security of their SDLC pipelines, systems, and infrastructure, along with real-time auditing and monitoring. Legit was able to immediately provide a range of capabilities that delivered what the ASM team needed, at a fraction of the cost that adding staff would have required.

 

Solution Requirements

  • Integration with ACV Auctions’ existing tech stack
  • Easy implementation and operation
  • Continuous evaluation of application security posture
  • Auditing for policy violations and compliance drift
  • Automated communication and remediation

Benefits of a Secure SDLC Foundation

Legit provides a powerful tool for the security team(s) who leverage it for application security as well as SDLC oversight to provide an informed advisory perspective to other teams.


More collaborative application security with developer teams leveraging the platform’s risk scoring and deeper contextual information.


Smarter vulnerability management supported by observability and context across the SDLC to effectively prioritize security issues.


Continuous assurance and risk management by identifying, prioritizing and remediating vulnerabilities to protect the business and meet compliance requirements.


Cost savings and productivity gains through automation and operational efficiencies that enable highly trained SMEs to focus on more strategic tasks.


Get the Full Story

Download the case study for details on how Legit Security helped ACV Auctions address their secure application delivery challenges.
