Software supply chain attacks have caught the security community off-guard. Arnica, starting with GitHub & Azure DevOps, addresses the two primary root causes: 1) excessive permissions 2) lack of abnormal behavior detection
Hi Product Hunt,
My name is Nir! I am one of the three co-founders of arnica.io.
I've worn many hats in cyber security over the years: sys admin, pen-tester, security architect, and Chief Information Security Officer (CISO). What really gets me excited about my work is making security easy and effective for developers and ops teams!
In my last role, at one of the largest FinTech companies in the world, our CEO needed me to secure our software supply chain. I met with 15+ vendors, did a few POCs, and each solution either increased operational cost or was too narrow in scope. I also found that many fellow CISOs faced the same problem. This is when I joined forces with my incredible co-founders, @diko_dahan (Diko) and @eranation (Eran). They were seeing the same pain in their worlds (engineering and ops) too!
As a starting point for Arnica, we researched every software supply chain attack since 2018, and based on our research, we found two primary root causes:
1. improper access management to developer tools
2. inability to identify abnormal identity and code behavior
We studied the anatomy of each supply chain attack and designed a product to effectively secure developer tool stacks with a DevOps-first approach:
1. Identify excessive permissions to source code, starting with GitHub and Azure DevOps repos
2. Mitigate excessive permissions with an ability to regain access via self-service on Slack for your developers
3. Automatically generate & modify a CODEOWNERS file via pull request, based on the contextual behavior of the pull request reviewers
4. Secret detection and validation without modifying the build pipelines, for all repositories, public and private, with no user-count limitations.
5. Map GitHub users to your SAML/SSO provider. Also free forever.
Why are we giving away so much functionality for free? I believe Arnica can do well by doing good in the DevSecOps community. Our mission is to be the easy button for DevOps security. Anything that is considered "single pane of glass" is our free contribution. If we do that first and foremost, we are sure we will build a successful business.
Sign up today for a 30-day Arnica trial (extended to celebrate our launch)!
~Nir
Arnica