Arnica
Pipelineless AppSec. Developer-Native Workflows.
Start new thread
Simon Wenet

Arnica - Behavior based software supply chain security

by
Arnica
โ€ข
Software supply chain attacks have caught the security community off-guard. Arnica, starting with GitHub & Azure DevOps, addresses the two primary root causes:
1) ๐Ÿช„ excessive permissions to developer tools
2) ๐Ÿฅธ lack of abnormal behavior detection

Add a comment

Replies

Best
Nir V
Maker
Hi Product Hunt, My name is Nir! I am one of the three co-founders of arnica.io. Iโ€™ve worn many hats in cyber security over the years โ€“ sys admin, pen-tester, security architect, and Chief Information Security Officer (CISO). What really gets me excited about my work is making security easy and effective for developers and ops teams! In my last role, at one of the largest FinTech companies in the world, our CEO needed me to secure our software supply chain. I met with 15+ vendors, did a few POCs, and each solution either increased operational cost or was too narrow in scope. I also found that many fellow CISOs faced the same problem. This is when I joined forces with my incredible co-founders โ€“ @diko_dahan (Diko) and @eranation (Eran). They were seeing the same pain in their worlds (engineering and ops) too! As a starting point for Arnica, we researched every software supply chain attack since 2018, and based on our research, we found two primary root causes: 1. ๐Ÿช„ improper access management to developer tools 2.๐Ÿฅธ inability to identify abnormal identity and code behavior We studied the anatomy of each supply chain attack and designed a product to effectively secure developer tool stacks with a DevOps-first approach: 1. Identify excessive permissions to source code starting with GitHub and Azure DevOps repos ๐Ÿ†“ 2. Mitigate excessive permissions with an ability to regain access via self-service on Slack for your developers 3. Automatically generate & modify a CODEOWNERS file via pull request, based on the contextual behavior of the pull request reviewers 4. Secret detection and validation without modifications of the build pipelines for all repositories, public and private without any user-count limitations. ๐Ÿ†“ 5. Map GitHub users to your SAML/SSO provider. Also ๐Ÿ†“ forever. Why are we giving away so much functionality for free? I believe Arnica can do well by doing good in the DevSecOps community. Our mission is to be the easy button for DevOps security. Anything that is considered โ€œsingle pane of glassโ€ is our free contribution. If we do that first and foremost, we are sure we will build a successful business. Sign up today for a 30-day Arnica trial today (extended to celebrate our launch)! ~Nir
Rob McDonald
@diko_dahan @eranation @nir_v @simon_wenet Phenomenal! Very excited about what you are doing and this important milestone. Gas pedal down!!!!
Simon Wenet
Maker
@rob_mcdonald3 thank you for the support!!
Fares
Simon Wenet
Amazing work by the @Arnica team! Congrats on the launch!
Nir V
Maker
Congrats team!
Mike Doyle
Just Wow.
Nir V
Maker
Thanks Mike
Aelita ะกhervonnaya
i'll check it for sure! congrats on the launch!
Nir V
Maker
Thanks Aelita
Nenad Nikoloski
Maker
Congrats on the launch team!
Nir V
Maker
Congrats to Arnicaโ€™s team!
Jason Phelps
Congrats on the launch, team!
Nir V
Maker
@pxgzf498gt Thank you!
Tom Messner
Awesome - congrats on the launch team!
Nir V
Maker
@t_mess Thanks Tom
Basharath
It's an interesting product. Congrats!
Nir V
Maker
Thank you Basharath
Natasha Berk
Awesome product, congrats!
Nir V
Maker
@natasha_berk Thanks Berk
Dave Cornell
Great work. it's a challenging problem that needs to be solved!
Nir V
Maker
@dave_cornell Indeed a big problem. Thanks for the feedback.
12
Next
Last