🛡️ Data Handling

Overview

Arnica identifies risks in DevOps tools based on the historical behavior of the identities in them. Identifying risks accurately requires access to audit logs, commits, pull requests, and other objects in those tools.

Data ingestion

The data ingestion process collects the following data from Source Control Management (SCM) systems:

  • Core components, such as organizations, projects and repositories.

  • Security components, such as identities, group membership and permissions.

  • Behavioral data, such as commits, pull requests and audit trails.

  • Source code snippets of vulnerable code only.

Data transformation

Arnica transforms sensitive information into metadata instead of persisting it. For example, when Arnica identifies a hardcoded secret, the code snippet is not persisted.

On-premise deployment

While the data ingestion process does not store any of the raw collected data, the data ingestion component can be deployed on customers' premises.

Data persistence

All data collected from customers' systems is encrypted at rest and segregated per tenant. Any communication to persist the data is encrypted over TLS v1.2 and v1.3.

Data destruction

Arnica tenant owners can delete the tenant, which deletes all associated data. Removing an integration from Arnica's platform keeps its records within the context of the tenant, so that historical issues can be tracked as long as the tenant is active.

For more information, please refer to our Privacy Policy.