Arnica Documentation
  • Introduction
  • Getting Started
    • 🔑Sign Up
    • ▶️SCM Integrations
      • Azure DevOps
      • Bitbucket Cloud
      • Bitbucket Server & Datacenter
      • Github
        • GitHub Audit Logs
        • Github App Permissions
      • Gitlab
    • 📤ChatOps
      • Microsoft Teams
      • Slack
        • Adding Arnica to a New Channel
        • Interacting With the Arnica Slackbot
    • 🎫Ticket Management
      • 🐛Jira Integration
      • 📋ADO Boards Integration
    • 🧠Artificial Intelligence
      • Azure OpenAI
      • OpenAI ChatGPT
    • 🏨On Premise Integrations
  • Inventory
    • 💼Identities, Repositories & Organizations
    • 📇Software Bill of Materials (SBOM)
    • 🦄Prioritization & Product Ownership
  • Hardcoded Secrets
    • 🕵️Secret Detection
    • ⏪Realtime Secret Mitigation
    • 🥕Secrets Policy Settings
  • Code Risks
    • 🎼Static Application Security Testing (SAST)
      • Custom SAST Rules
    • 🧩Software Composition Analysis (SCA)
    • 🔡3rd Party Package Licenses
      • Override License Classifications
    • 🤹3rd Party Package Reputation
      • Identifying Low Rep Packages
      • How to Find Alternative Packages
    • ⛅Infrastructure as Code Security (IaC)
    • 🤖Code Risk Policy Settings
      • Developer Feedback On Push
      • Require Review Before Dismissal
      • 0 New High Severity Vulnerabilities
      • Enforce Remediation SLA
    • 🪄Code Risk Magic Links
    • 📦Code Risk Language and Framework Support
  • Platform Operations
    • 🚪Joining an Existing Org
    • ❌Deleting a Tenant
    • 🫂How do I invite members to my tenant?
      • New User Invitations
    • 👥Users & Roles
    • 🔇Deleting Integrations
    • ⌛Scheduled Jobs
      • How often do Jobs run?
    • 💸Billing
  • Security
    • 🎮Role Based Access Control (RBAC)
    • 🛡️Data Handling
    • 🏛️SSO Integration
      • Okta Integration
      • Entra ID Integration
Powered by GitBook
On this page
  • Overview
  • Inventory pages
  • Github
  • Azure DevOps

Was this helpful?

  1. Inventory

Identities, Repositories & Organizations

PreviousOn Premise IntegrationsNextSoftware Bill of Materials (SBOM)

Last updated 9 months ago

Was this helpful?

Overview

The Inventory page displays an overview of your integrated orgs assets and users, along with high level details of the org. Here you can find details and totals of multiple elements for each Source Code Management (SCM) type.

If you have integrated orgs from more than one SCM, you will have access to a dropdown menu that displays each SCM available to you. The inventory page will then display a summary of details specific to that SCM type and will include all integrated elements.

Inventory pages

Github

Identities

This summary displays the total number of identities for all GitHub integrations in your organization. It displays a table of all identities with their GitHub organizations and additional details including their name (if exists), all email addresses, highest role, days since last action, and their Arnica designated risk level.

If the identity doesn't have a public name or Arnica did not identify other names based on the historical user activity, the name can be modified by clicking on the pencil 🖋️ next to the name.

Additionally, Arnica maps all emails associated to each identity based on the historical behavior and SCIM information. It helps to identify users who use other emails accounts to author code for the company. The checkbox ✅ next to the name means that the user has either a validated email or SSO enabled - hover on the icon to see the details.

Organizations

- Domain Verification (Yes / No) -MFA Required (Yes / No) -Org Plan level (Free - Enterprise) -Default Permission of members (Read-Admin) -Total Identity count -SSO Enabled for Identitied (Yes / No)

Repositories

This summary displays the total number of repositories for all GitHub integrations in your org. Clicking into the Total Repositories summary will display a table of all repos with their GitHub org and additional details including the number of days since the last commit, the number of admins and the average pull request response time per Repo.

GitHub Apps

This section displays the total number of GitHub apps installed and if clicked will display a breakdown of each app, the org it is associated with, permissions granted, and the last date it was updated.

Azure DevOps

Identities

This summary displays the total number of identities for all Azure DevOps integrations in your Arnica tenant. It displays a table of all identities with their organizations and additional details including their name (if it exists), all email addresses, highest role, days since last action, and their Arnica designated risk level.

If the identity doesn't have a public name or Arnica did not identify other names based on the historical user activity, the name can be modified by clicking on the pencil 🖋️ next to the name.

Additionally, Arnica maps all emails associated to each identity based on the historical behavior and SCIM information. It helps to identify users who use other emails accounts to author code for the company. The checkbox ✅ next to the name means that the user has either a validated email or SSO enabled - hover on the icon to see the details.

Repositories

This summary displays the total number of repositories for all Azure DevOps integrations in your Arnica Tenant. The repositories summary table will display a table of all repos with their org name and additional details including the number of days since the last commit and the average pull request response time per Repo.

Excessive Licenses

The excessive licenses page identifies Azure DevOps identities with unused or underutilized licenses. These identities represent opportunities to save money through the reduction or removal of the identities existing Azure DevOps license. For each license, Arnica will provide the users display name, license type, and each organization they are a member of.

This summary displays the total number of organizations integrated with your Arnica tenant. Useful information on each org is included within the table. This includes:

💼