Arnica integrates as a GitHub app, so you can automate your software supply chain security work. Its GitHub integration lets you manage, secure, and audit GitHub activity from a single solution.
Arnica maps every GitHub identity to its corporate context, regardless of whether your developers bring their own GitHub cloud identity. It then collects the recent activity of each identity across all organizations and flags high-risk users.
Repository & branch protection inventory
Unified visibility across every repository, including recent activity, associated GitHub topics, and the branch protection policies applied to your important branches.
GitHub Apps inventory
Easily track every GitHub application installed in your organizations, including its last update date, who installed it, and the permissions it requested.
Software bill of materials (SBOM)
Fully searchable SBOM inventory including rich reputational data for each package and downloadable SBOM artifacts for each repository.
Automated excessive permissions analysis
Excessive permissions risks identified down to the branch level and updated daily using behavior-based analysis. One-click mitigations are included with every risk.
Put CODEOWNERS on autopilot
Automatic creation and configuration of CODEOWNERS files based on historical behavior. Arnica generates pull requests to simplify the process for developers.
Fix misconfigured CODEOWNERS
Arnica identifies and fixes CODEOWNERS misconfigurations, such as branch protection policies that do not actually require code owner review, or errors in the CODEOWNERS file itself.
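To make the two misconfigurations above concrete, here is an added example that is not Arnica's code or part of this page: it parses a CODEOWNERS file, reports lines that cannot work (no owner, or an owner that is neither @user, @org/team nor an email), resolves which rule wins for a path (the last matching rule, as on GitHub), and checks a branch protection object shaped like the GitHub REST API response for settings that would leave CODEOWNERS advisory only. The CODEOWNERS text, the team names and the protection objects are constructed sample data; the pattern matching follows GitHub's documented examples but is a simplification (no `\#` escaping, no negation).

```python
"""Added example, not Arnica's implementation: CODEOWNERS lint plus a
branch protection enforcement check. All sample data is constructed."""
import re
from dataclasses import dataclass, field

# @user, @org/team, or an email address
OWNER_RE = re.compile(r"^(@[\w.-]+(/[\w.-]+)?|[^@\s]+@[^@\s]+\.[^@\s]+)$")


@dataclass
class Rule:
    pattern: str
    owners: list
    line: int


@dataclass
class Report:
    rules: list = field(default_factory=list)
    errors: list = field(default_factory=list)


def parse_codeowners(text: str) -> Report:
    """Collect usable rules; lines with problems are reported and skipped."""
    report = Report()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        pattern, *owners = line.split()
        if not owners:
            report.errors.append(f"line {lineno}: pattern {pattern!r} has no owners")
            continue
        bad = [o for o in owners if not OWNER_RE.match(o)]
        if bad:
            report.errors.append(
                f"line {lineno}: {bad} are not valid @user, @org/team or email owners")
            continue
        report.rules.append(Rule(pattern, owners, lineno))
    return report


def _glob_to_regex(pat: str) -> str:
    out, i = "", 0
    while i < len(pat):
        if pat.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pat[i] == "*":
            out, i = out + "[^/]*", i + 1
        elif pat[i] == "?":
            out, i = out + "[^/]", i + 1
        else:
            out, i = out + re.escape(pat[i]), i + 1
    return out


def _matches(pattern: str, path: str) -> bool:
    """Simplified GitHub semantics: a pattern containing '/' (other than a
    trailing one) is anchored at the repo root; 'dir/' matches everything
    under that directory; other patterns match files, not nested contents."""
    anchored = pattern.startswith("/") or "/" in pattern.rstrip("/")
    pat = pattern.lstrip("/")
    is_dir = pat.endswith("/")
    regex = _glob_to_regex(pat.rstrip("/"))
    if not anchored:
        regex = "(.*/)?" + regex
    if is_dir:
        regex += "/.*"
    return re.fullmatch(regex, path) is not None


def owners_for(report: Report, path: str) -> list:
    """Last matching rule wins, as GitHub evaluates CODEOWNERS."""
    owners = []
    for rule in report.rules:
        if _matches(rule.pattern, path):
            owners = rule.owners
    return owners


def enforcement_problems(protection: dict) -> list:
    """Settings in a branch protection object (GitHub REST API shape) that
    stop code owner review from being required."""
    problems = []
    reviews = protection.get("required_pull_request_reviews")
    if not reviews:
        return ["no pull request reviews required; CODEOWNERS is advisory only"]
    if not reviews.get("require_code_owner_reviews"):
        problems.append("require_code_owner_reviews is false")
    if reviews.get("required_approving_review_count", 0) < 1:
        problems.append("required_approving_review_count is 0")
    if not protection.get("enforce_admins", {}).get("enabled"):
        problems.append("enforce_admins is disabled, so admins can merge without code owner review")
    return problems


# Constructed sample CODEOWNERS: two of the six rules are broken.
SAMPLE_CODEOWNERS = """\
# constructed sample, not a real repository
*                    @acme/maintainers
*.tf                 @acme/platform
/infra/              @acme/platform
/.github/workflows/  @acme/security
src/payments/        @acme/payments bad-owner
/docs/
"""

# Constructed branch protection objects (fields as returned by the GitHub API).
WEAK_PROTECTION = {
    "required_pull_request_reviews": {"require_code_owner_reviews": False,
                                      "required_approving_review_count": 1},
    "enforce_admins": {"enabled": False},
}
STRONG_PROTECTION = {
    "required_pull_request_reviews": {"require_code_owner_reviews": True,
                                      "required_approving_review_count": 1},
    "enforce_admins": {"enabled": True},
}

if __name__ == "__main__":
    rep = parse_codeowners(SAMPLE_CODEOWNERS)
    print(rep.errors)
    print(owners_for(rep, "infra/main.tf"))
    print(enforcement_problems(WEAK_PROTECTION))
```

The same `enforcement_problems` check can be run against a real branch by fetching `GET /repos/{owner}/{repo}/branches/{branch}/protection` and passing the JSON body in; a CODEOWNERS file is only as strong as the protection rule that requires its owners to approve.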
Developer self-service access provisioning
Self-service permissions tooling lets developers request access from Slack or Microsoft Teams; permissions are granted automatically or routed to the relevant approvers according to policy.
Mitigation recommendations are routed privately to the developer when pushed code is scanned. Pull request annotations are added at code review time for vulnerabilities that remain unresolved on the feature branch.
Static application security testing (SAST)
Identify vulnerabilities in source code at the time of code push and provide tailored mitigation recommendations based on the risk and its context.
Infrastructure as code (IaC) security
Identify vulnerabilities in infrastructure as code at push time, including Terraform, CloudFormation, Helm charts, and more.
Software composition analysis (SCA)
Identify vulnerable third-party packages and recommend the best version to move to, such as the upgrade that removes the most vulnerabilities with the smallest version change.
100% validated secret detection
Every secret. Every time. Validated and confirmed before it is reported, with details such as pusher, secret type, and more included in the finding.
Zero new hardcoded secrets
Secrets are found in real time. Prompt developers to take action, or apply a "Zero New Secrets" policy that mitigates the secret instantly without leaving a trail in the git history.
Identify a secret’s blast radius
Full historical visibility into who has a copy of each identified secret, when and how they got it.