New Feature Announcement: Supply Chain Attack Assessment

Managing software supply chain risks has grown in complexity and urgency; we now require fast and decisive analysis of an everchanging landscape of attack vectors both inside and outside your codebase.  

While some attacks are neatly packaged in CVEs, many attacks include malicious code, package takeovers, and other attack vectors which do not result in CVE disclosures. Determining which of these supply chain attacks leaves your source code exposed often requires analysis of hundreds of third-party dependances and their versions.  

Completing this type of investigation quickly requires a specified approach. To help security and development teams act faster, we've introduced a new Supply Chain Attack Assessment and experience in Arnica.

What Is Automated Third-Party Vulnerability Assessment?

The updated Third-Party Vulnerabilities page provides a more centralized and intuitive way to review risks affecting the open-source packages used throughout your environment.

Instead of piecing together information across multiple views, teams can now access relevant third-party vulnerability data through a dedicated experience designed to streamline investigation and prioritization.

With this update, you can:

• More easily identify vulnerable third-party packages
• Quickly understand where affected packages exist within your environment
• Prioritize remediation efforts from a centralized view
• Spend less time navigating between screens and more time addressing risk

This update improves how vulnerability information is presented and organized, making it easier for security teams to assess exposure and determine where action is required. Our goal is to reduce friction, improve visibility, and help teams respond more efficiently to third-party risk.

New Supply Chain Attack Page Live Now in Arnica

This release is the first step in a broader effort to improve how organizations monitor software supply chain threats within Arnica.

Additional enhancements, including expanded alerting capabilities, are already in development to help teams stay informed as new third-party vulnerabilities emerge.

The updated Third-Party Vulnerabilities experience is available now for all customers. If you have any questions, reach out to your customer success representative.

‍