Arnica Documentation

Data Handling

Overview

Arnica identifies risks in the DevOps tools based on historical behavior of the identities in them. To identify the most accurate risks, access to audit logs, commits, pull requests, and other objects in the DevOps tools is fundamental.

Data ingestion

The data ingestion process collects the following data from Source Control Management (SCM) systems:

  • Core components, such as organizations, projects and repositories.

  • Security components, such as identities, group membership and permissions.

  • Behavioral data, such as commits, pull requests and audit trails.

  • Source code snippets of vulnerable code only.

Data transformation

Arnica transforms sensitive information into metadata instead of persisting it. For example, when Arnica identifies a hardcoded secret, the code snippet is not persisted.

On-premise deployment

While the data ingestion process does not store any of the raw collected data, the data ingestion component can be deployed on customers' premises.

Data persistence

All data collected from customers' systems is encrypted at rest and segregated per tenant. Any communication to persist the data is encrypted over TLS v1.2 and v1.3.

Data destruction

Arnica tenant owners can delete the tenant, which deletes all associated data. Removing an integration from Arnica's platform keeps its records within the context of the tenant, so that historical issues can be tracked as long as the tenant is active.


Last updated 3 months ago

For more information, please reference our Privacy Policy.