Arnica Documentation

ChatOps

Overview of the Arnica Chatbot Integration

Arnica Chat Integration

Arnica's chat integration lets you interact with the Arnica solution directly from your existing collaboration tools, such as Slack and Teams. From there you can complete mitigations, respond to threats, request permissions, and push notifications and alerts to developers without interrupting their normal development process. Below are some of the primary features that Arnica provides for Slack and Teams.

Arnica Notifications Channel

The notifications channel pushes Arnica notifications directly to your chat, including ingestion and analysis job completion alerts and notifications when risks are mitigated or mitigations are reversed. The Arnica notifications channel can also be used to review and grant permission requests submitted through the self-service permissions bot.

Arnica Self Service Permissions

An Arnica self-service access provisioning bot is accessible by typing "/Arnica" into Slack or Teams, which opens the Arnica permissions window. This window allows users to request access to a specific org, repo, and permission level. Based on policies set within Arnica, these requests can be granted automatically or sent to the notifications channel for review.

Secret Detection & Mitigation

The Arnica chat bot can be configured to alert developers directly when a hardcoded secret is identified within a code push, allowing them to remove the secret before it becomes a risk. These alerts are triggered in real time and sent immediately to the responsible developer and, if needed, to other channels. They can also include one-click mitigations, or automated mitigations that remove the secret and erase any history of the secret within the merged branch.

Code Risks

The Arnica chat bot can be configured to alert developers when certain code risks (i.e. SAST, SCA, licenses, IaC, low reputation) are introduced, as early as when code is pushed to a feature branch. The chat bot allows developers to mark the risks as in progress, dismiss them with a justification, or suggest a dismissal.


Last updated 6 months ago
