Arnica integrates as a Bitbucket app, letting you automate your software supply chain security efforts. Arnica's integration with Bitbucket allows you to manage, secure, and audit all Bitbucket activity from a single solution.
Arnica maps every Bitbucket identity to its corporate context, including the corresponding identity in collaboration tools. Arnica then identifies the recent activity of each identity across all organizations and flags high-risk users.
Repository & branch protection inventory
Unified visibility across every project and repository, including recent activity, reviewer requirements, and the branch protection policies that apply to your important branches.
Bitbucket excessive licenses
Quickly identify excessive licenses to reduce overhead and minimize excessive permissions.
Software bill of materials (SBOM)
Fully searchable SBOM inventory including rich reputational data for each package and downloadable SBOM artifacts for each repository.
Automated excessive permissions analysis
Excessive permissions risks identified down to the branch level and updated daily using behavior-based analysis. One-click mitigations are included with every risk.
Developer self-service access provisioning
Self-service permissions tooling allows developers to request access from Slack or Microsoft Teams. Automatically grant permissions or notify relevant approvers based on policies.
Instantly view branches whose policies are currently unenforceable, and enforce status checks with a single-click mitigation directly from Arnica.
Route mitigation recommendations privately to the developer when code is pushed and scanned. Pull request annotations are added at code review time for vulnerabilities that remain unresolved on the feature branch. Block vulnerable code with merge blocking on high-importance projects.
Static application security testing (SAST)
Identify vulnerabilities in source code at the time of code push and provide tailored mitigation recommendations based on the risk and its context.
Infrastructure as code (IaC) security
Identify vulnerabilities in infrastructure as code as part of a code push, covering Terraform, CloudFormation, Helm charts, and more.
Identify third-party package vulnerabilities and recommend the best version to use in your source code, for example the version that fixes the most findings with the smallest version change. Flag inadequate licenses and manage risk SLAs.
100% validated secret detection
Every secret. Every time. Each secret is validated and confirmed before it is reported, and the finding includes details such as the pusher, the secret type, and more.
Zero new hardcoded secrets
Secrets are found in real time. Prompt developers to act, or apply a "Zero New Secrets" policy to mitigate the secret automatically and instantly without leaving a trail in git history.
Identify a secret's blast radius
Full historical visibility into who has a copy of each identified secret, and when and how they obtained it.