Arnica Releases First Comprehensive Security Solution That Identifies and Stops Code Risks in Real Time

The solution provides context and visibility of risks in the developers’ native environment to maintain security without harming dev velocity.

Arnica, a behavior-based solution that makes software supply chain security effective and easy, announced today the release of a suite of new security scanning tools including Static Application Security Testing (SAST), Infrastructure as Code (IAC) scanning, Software Composition Analysis (SCA) and third-party package reputation checks. With the addition of these tools to their existing offering, Arnica is now the first comprehensive security solution that identifies and prevents the introduction of code risks in real time. The platform enables total coverage from day one and provides full context on ownership and mitigation of identified vulnerabilities.

A recent report found that the average cost of a data breach in the US is $9.44M – 4.3% higher than in 2021. To combat this, companies have various options for integrating security tools, but each has its drawbacks. IDE plugins surface risks within the developer workflow, but are difficult to maintain across devices and provide limited visibility to security teams. CI/CD pipeline scanners provide security teams with consolidated lists of risks, but have limited coverage and lack the context necessary to identify the appropriate person to take action. While each approach contributes to security, the lack of a comprehensive unified solution makes it difficult to achieve 100% coverage and the siloed workflows they create slow down development considerably.

Arnica’s solution provides full coverage through native integrations into GitHub and Azure DevOps, enabling code risk security across SAST, IAC, SCA, and third-party package reputation scanning. Now, Arnica users will be able to leverage these integrations to protect against code risks while providing developers with real-time feedback and one-click mitigation actions to ensure uninterrupted development workflows. Arnica provides visibility through integrations to communication tools like Slack and Microsoft Teams. When a risk is found, Arnica is able to communicate the problem explicitly to the relevant parties and provide context to facilitate a quick resolution. The context includes where the problem is located, who is responsible for resolving it and mitigation suggestions.

Arnica leverages native integrations into source code management systems to detect and respond to risks as soon as a developer pushes code. This way, developers’ fixes don’t have to go through a build and test pipeline in order to mitigate known vulnerabilities. Arnica is introducing the first pipelineless approach to code risk identification and mitigation to allow security teams to easily establish and maintain full security scanning across the software supply chain from day one.

“Under current market conditions, companies are looking for security tools that have a broader range of coverage, unlike traditional scanners that have limited scope and visibility,” said Nir Valtman, CEO and Founder of Arnica. “Companies want to have better, faster and cheaper solutions to run optimal application security programs, which require prioritization and product ownership across the company. By helping prioritize and contextualize alerts, and making those alerts actionable, teams can stop the bleeding before addressing the backlog.”

“Arnica is helping developers feel comfortable with securing their own code. No one wants to have their mistakes aired across the whole organization. By removing blame from the equation and providing context and steps to mitigate the risk, developers can feel more confident when coding and more inclined to own the security of their code,” Eran Medan, CTO and Founder of Arnica, said.
