New Feature Announcements: AI SAST Multi-File Support, Arnica Audit Log & Product Updates Tab

The last few weeks were busy at Arnica. Several new capabilities are live in the app, each addressing something our enterprise customers have been asking for. Arnica’s AI can now trace vulnerabilities across your entire codebase, enterprise teams can see a full 90-day record of changes, and new features are now surfaced in-app. Here’s the latest.

AI SAST Multi-File Support

Arnica’s AI now sees the full picture across your entire codebase.

Single-file SAST analysis has always had a ceiling. A vulnerability that begins in one file and resolves in another looks clean on its own. Arnica’s AI SAST can now follow the code.

Multi-File Support gives Arnica’s AI the context it needs to trace findings across files, understanding how data flows through your codebase from source to sink, regardless of how many files are in between. The result: fewer missed vulnerabilities, more confident triage, and findings that reflect how your code behaves at runtime.

In nightly scans, PRs, and push events, Arnica can analyze your full repository context, not just the diff. In PR scans, it surfaces issues in changed code that single-file analysis would have missed entirely due to missing context.

• Why it matters: Traditional SAST and first-generation AI SAST tools review files in isolation. But real vulnerabilities don’t stay in one file. Now, neither does Arnica.

AI-Powered False-Positive Reduction

Arnica’s AI now helps separate real risk from scanner noise.

Rule-based SAST is powerful, but it can only see so much. A pattern may look risky in one file, while another file shows the input is validated, authenticated, sanitized, or otherwise unreachable.

Arnica can now review rule-based SAST findings with codebase context and mark them as false positives when the evidence shows they are not exploitable. The AI reads the vulnerable location, investigates related files, checks for mitigations, and records the reasoning behind the decision.

• Why it matters: Security teams spend too much time reviewing findings that are already neutralized by framework protections, validation, or architecture. Arnica now uses AI to reduce that noise before it reaches developers.

AI-Augmented SAST Findings

Rule-based SAST findings now get AI context.

When Arnica’s AI confirms that a rule-based scanner finding points to a real issue, it can enrich the original finding instead of creating a duplicate. That means the finding keeps its stable tracking, while gaining AI-generated context: clearer descriptions, more precise remediation guidance, dataflow traces, related-file context, and severity grounded in how the vulnerability behaves.

The result is a finding that is easier to understand, easier to fix, and easier to trust.

• Why it matters: Developers don’t just need to know that a rule matched. They need to know why it matters in their codebase. Arnica now turns rule-based findings into context-aware security guidance.

SAST Finding Severity Reclassification

Arnica’s AI can now adjust SAST severity based on real exploitability.

A scanner severity is often a starting point, not the final answer. The same pattern can be critical in an unauthenticated public endpoint, medium behind role-based access, or low when architectural controls limit impact.

Arnica now reviews rule-based SAST findings with full project context and can upgrade or downgrade severity when the code supports it. It looks for authentication, authorization, validation, sanitization, framework protections, database privileges, and other mitigating or aggravating factors before making a decision.

• Why it matters: Prioritization only works when severity reflects reality. Arnica now helps teams focus on the findings that are actually most exploitable in their environment.

SAST Noise Reduction from Minified Code

Arnica can now filter out SAST noise from minified code.

Minified files are rarely actionable for developers, but they can produce a large number of low-value findings. Arnica can identify minified files, resolve existing open findings from those files, and exclude them from future scans.

• Why it matters: Security teams should spend review time on source code they can actually fix. Arnica now helps keep generated and minified code from polluting the SAST backlog.

Arnica Audit Log — Early Access

Get a complete record of who changed what, and when.

Enterprise teams have been asking for this for a while. Starting today, Arnica logs all user activity within your organization in a rolling 90-day Audit Log, accessible directly from the Security tab of your account.

Every policy update, role change, product edit, and integration addition is captured with a timestamp, the acting user, and exactly what changed. No more guessing who removed a policy or updated a permission at 2am.

What’s logged:

• Policy additions, edits, and deletions, including the specific rule changed
• User role updates (e.g., read-only to admin)
• Product and inventory edits
• Integration events

The Audit Log is an Enterprise feature currently in early access. To enable it for your organization, reach out to your Arnica Customer Success Rep.

• Why it matters: When you have hundreds of users in a security platform, accountability isn’t optional. The Arnica Audit Log makes it easy to answer the question every security team eventually asks: who changed that, and when?

Product Updates in Arnica

Stay current on everything Arnica ships without leaving the app.

Arnica moves fast. To make it easier to keep up, we’ve added a dedicated Product Updates tab inside the platform. Every feature announcement update (just like the one you're currently reading!) now surfaces in one place, directly in your account.

• Why it matters: The best security platform is one your team knows how to use. The Product Updates tab keeps everyone current on what’s available so you’re always working with the full power of Arnica.

These updates are part of a broader product push that also includes significant improvements to subscription management and user experience. Log in to explore these features. If you’d like early access to the Audit Log, reach out to your Customer Success Rep.

‍