Today, Arnica is introducing Reachability, an enhancement to our Software Composition Analysis (SCA) solution. Arnica’s Reachability feature enables engineering and security teams to evaluate whether a vulnerable third-party package is actually exploitable in their application by determining whether the vulnerable functions are reachable from the application’s own code. Arnica takes a pipelineless approach to Reachability so that reachable vulnerabilities are detected in real time, on every push.
Arnica’s Reachability feature adds a layer of context to your Software Composition Analysis (SCA) approach by identifying whether the vulnerable function is actually called anywhere in your application, rather than only whether a vulnerable package version is present. We do this by analyzing vulnerabilities at the function level and attaching the reachability result to every finding in its git context (the branch and push that introduced it). Arnica performs this analysis across both direct and transitive dependencies, and correlates potential reachability between git branches.
Pipelineless Reachability Analysis
Arnica’s pipelineless approach is optimized to give the developer reachability information in real time, on every code push, while they are still working on that code. This lets developers address critical vulnerabilities as they develop, rather than after a build or release scan. It runs counter to the norm of requiring a full git clone of the repository to scan for reachability, which results in slower feedback.
Cross-Branch Correlation
The two conditions for function-level reachability (a vulnerable package version and a call to the vulnerable function) can arrive at different times, be introduced by different developers (e.g. one developer introduces the call to the vulnerable function, another pushes the package update), and land on different git branches. Arnica builds context across branches and enriches each finding with a confidence level based on that context.
For example, an application may call a function of a package at version X.1 where that function is only exploitable in version X.2. When a developer pushes a package update to version X.2 in a feature branch, that developer is notified in real time that the vulnerability will become reachable in the production code once the branch is merged.
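The following is an added illustration of the logic described in the two paragraphs above; it is not Arnica’s implementation. It pins a package version from a constructed requirements-style lockfile, finds call sites of a vulnerable function in constructed application source with Python’s `ast` module, and correlates the results across branches: the package name `examplelib`, the function `parse_input`, the vulnerable range 2.0.0 ≤ v < 2.1.0, the branch snapshots and the confidence labels are all assumptions made for the example.

```python
"""Function-level reachability with cross-branch correlation (added illustration)."""
import ast

# Constructed advisory (hypothetical package and function): parse_input is only
# exploitable in 2.0.x; 2.1.0 is the fixed release.
ADVISORY = {
    "package": "examplelib",
    "function": "parse_input",
    "introduced": (2, 0, 0),   # inclusive
    "fixed": (2, 1, 0),        # exclusive
}

# Constructed branch snapshots: a lockfile plus the application source as of that branch.
APP_SOURCE = "import examplelib\n\ndef handle(req):\n    return examplelib.parse_input(req.body)\n"
BRANCHES = {
    # production: calls the function, but on a version where it is not exploitable (X.1)
    "main": {"lockfile": "examplelib==1.9.0\nrequests==2.31.0\n", "source": APP_SOURCE},
    # developer bumped the package to X.2 while the call is still present
    "feature/bump-examplelib": {"lockfile": "examplelib==2.0.3\nrequests==2.31.0\n", "source": APP_SOURCE},
    # vulnerable version pinned, but the call was removed: not reachable
    "feature/remove-parser": {
        "lockfile": "examplelib==2.0.3\nrequests==2.31.0\n",
        "source": "import json\n\ndef handle(req):\n    return json.loads(req.body)\n",
    },
}


def pinned_version(lockfile, package):
    """Return the pinned version tuple for `package` from a `name==x.y.z` lockfile, or None."""
    for line in lockfile.splitlines():
        name, sep, ver = line.strip().partition("==")
        if sep and name == package:
            return tuple(int(p) for p in ver.split("."))
    return None


def version_is_vulnerable(version):
    return version is not None and ADVISORY["introduced"] <= version < ADVISORY["fixed"]


class _CallFinder(ast.NodeVisitor):
    """Collect line numbers of calls to the vulnerable function, whether reached via
    `import pkg [as m]; m.fn()` or `from pkg import fn [as f]; f()`."""

    def __init__(self, package, function):
        self.package, self.function = package, function
        self.module_aliases, self.func_aliases, self.lines = set(), set(), []

    def visit_Import(self, node):
        for a in node.names:
            if a.name == self.package:
                self.module_aliases.add(a.asname or a.name)

    def visit_ImportFrom(self, node):
        if node.module == self.package:
            for a in node.names:
                if a.name == self.function:
                    self.func_aliases.add(a.asname or a.name)

    def visit_Call(self, node):
        f = node.func
        if isinstance(f, ast.Name) and f.id in self.func_aliases:
            self.lines.append(node.lineno)
        elif (isinstance(f, ast.Attribute) and f.attr == self.function
              and isinstance(f.value, ast.Name) and f.value.id in self.module_aliases):
            self.lines.append(node.lineno)
        self.generic_visit(node)


def call_sites(source):
    finder = _CallFinder(ADVISORY["package"], ADVISORY["function"])
    finder.visit(ast.parse(source))
    return finder.lines


def assess(branch):
    """Per-branch view: is the pinned version vulnerable, and is the function called?"""
    version = pinned_version(branch["lockfile"], ADVISORY["package"])
    sites = call_sites(branch["source"])
    vulnerable = version_is_vulnerable(version)
    return {"version": version, "vulnerable_version": vulnerable,
            "call_sites": sites, "reachable": vulnerable and bool(sites)}


def correlate(branches, production="main"):
    """Cross-branch correlation. Confidence labels are assumptions for this example:
    'high' = vulnerable version and call site on the same branch; 'low' = only one
    of the two conditions present; 'none' = neither. A branch that is reachable
    while production is not will make production reachable when merged."""
    per_branch = {name: assess(b) for name, b in branches.items()}
    prod_reachable = per_branch[production]["reachable"]
    findings = {}
    for name, r in per_branch.items():
        if r["reachable"]:
            confidence = "high"
        elif r["vulnerable_version"] or r["call_sites"]:
            confidence = "low"
        else:
            confidence = "none"
        findings[name] = {
            "confidence": confidence,
            "reaches_production_on_merge": r["reachable"] and name != production and not prod_reachable,
        }
    return findings


if __name__ == "__main__":
    for branch, finding in correlate(BRANCHES).items():
        print(f"{branch}: {finding}")
```

Running the block flags only `feature/bump-examplelib` as a high-confidence reachable finding that will reach production on merge; `main` and `feature/remove-parser` each satisfy one condition but not both. Static call-site matching of this kind cannot see calls made through reflection, dynamic dispatch or code generation, so an "unreachable" verdict should lower a finding’s priority rather than close it.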
Arnica’s implementation of Reachability within Software Composition Analysis (SCA) supports a number of core use cases for Arnica customers.
As is the case with everything we build, Arnica’s enhanced Reachability detection drives security outcomes while unburdening developers from wasted effort.
Book some time with the Arnica team to see for yourself and join our beta!
Enterprises today are faced with the need to harden their DevOps ecosystem to combat the proliferation of Software Supply Chain Attacks. These organizations are faced with the growing challenge of balancing development velocity, cost efficiency, and security.
Managing excessive developer permissions and identifying corresponding anomalous behavior are two obstacles in the way of establishing this equilibrium. Arnica was established to solve these obstacles by providing a seamless and frictionless active mitigation platform for exactly these issues and more. Arnica is the easy button for DevOps security.
Arnica analyzes excessive permissions, code risks and misconfigurations across the developer toolset and mitigates them.
press@arnica.io