Arnica

Founded in 2021. Privately Held.

Application and code security tools.

Blog content published by word count

Blog content

| Post title | Author | Published | Words | HN |
| --- | --- | --- | --- | --- |
| What is Pipelineless Security? | Nir Valtman | Dec. 05, 2022 | 922 | 2 |
| 5 critical lessons from the latest GitHub phishing campaign by Gitloker | Nir Valtman | Jun. 17, 2024 | 1389 | - |
| Trouble Keeping Track of Your Keys? So Does Toyota: Lessons Learned from a Key Management Breach | Nir Valtman | Oct. 12, 2022 | 355 | 2 |
| Azure Permissions: Managing Granular Permissions in Azure Devops | Eran Medan | Jan. 10, 2023 | 1645 | - |
| Why Risk Scanning Needs to be Free: Don't Just Find Risks, Fix Them | Simon Wenet | Nov. 20, 2023 | 1283 | - |
| Four takeaways from the NSA's software supply chain security recommendations | Mike Doyle | Sep. 10, 2022 | 963 | 2 |
| Trying to identify spoofing in GitHub? May the 4th be with you! | Mark Maney | May. 03, 2023 | 1976 | 1 |
| How to Determine the Severity of a Third-Party Risk with Software Composition Analysis (SCA) | Simon Wenet | Sep. 27, 2023 | 1501 | - |
| The Criticality of Context for Addressing Software Supply Chain Risk | Mark Maney | Jun. 19, 2023 | 1753 | - |
| Should I Manage Code in a Single Organization or Multiple Organizations? | Mark Maney | Jun. 27, 2023 | 1101 | - |
| [April fools] Introducing SecuriSlow™: Slowing Down Your Developers, Fast | Nir Valtman | Apr. 01, 2024 | 274 | - |
| Analyzing LastPass' Recent Security Incident Notification | Mike Doyle | Aug. 26, 2022 | 785 | 1 |
| How to ensure your third-party software packages are reputable | Mark Maney | Aug. 16, 2023 | 1909 | - |
| Afraid of your source code leaking? I can tell by the Twitch in your eye…! | Nir Valtman | Jan. 10, 2022 | 441 | - |
| Best practices maintaining a secure development environment | Mark Maney | Jan. 11, 2023 | 1961 | - |
| How We Converted a GitHub Tool Into a General Purpose Webhook Proxy to Supercharge Our Integration Development | Doron Guttman | Apr. 17, 2023 | 1949 | 3 |
| Harnessing the Power of Secure Coding Practices for Effective CI/CD Security | Nir Valtman | Feb. 13, 2023 | 1796 | - |
| How Top Open Source Projects Protect Their Code: Insights and Best Practices | Chris Abraham | Feb. 07, 2022 | 1237 | 7 |
| Defending Against Source Code Exfiltration, Fast and Slow | Mike Doyle | Apr. 05, 2023 | 1272 | - |
| How to ensure you don’t have Sourcegraph secrets in source code | Nir Valtman | Sep. 04, 2023 | 630 | 3 |
| Malicious Code Campaign on GitHub Repos: Is it Hype or a Dire Threat? | Nir Valtman | Mar. 05, 2024 | 754 | 2 |
| GitGoat: An Open Source Project of Intentionally (Riskless) Misconfigured GitHub Organizations | Nir Valtman | Jun. 27, 2022 | 307 | 8 |
| How to Evaluate a Static Application Security Testing (SAST) Solution | Mark Maney | Nov. 13, 2023 | 1668 | - |
| What to Consider Before Enforcing Multi-Factor Authentication (MFA) on GitHub | Nir Valtman | Oct. 19, 2022 | 1324 | - |
| Demystifying the Pl0x GitHub attack | Mike Doyle | Aug. 17, 2022 | 1325 | 1 |
| Hacking Upstream: Finding a 0-Day in an OpenSSH Key Parser Library | Mike Doyle | Jul. 06, 2022 | 2826 | 2 |
| How to prioritize third-party package (SCA) vulnerabilities | Mark Maney | Nov. 28, 2023 | 1410 | - |
| What Every Developer Needs to Know About GitHub Branch Protection | Nir Valtman | Mar. 13, 2024 | 1430 | 1 |
| GitHub Hosted vs. Self-Hosted Runners: Which One Should You Choose? | Eran Medan | Nov. 08, 2022 | 1426 | 1 |
| A Complete Guide: Enterprise Managed Users vs Bring Your Own Users on GitHub | Nir Valtman | Oct. 17, 2023 | 1301 | - |
| GitHub CODEOWNERS: What Every Developer Should Know | Nir Valtman | Jul. 23, 2022 | 1488 | 3 |
| Hardening Your Software Development Environment: A Beginner's Guide | Eran Medan | Sep. 21, 2022 | 1464 | 3 |
| Security to-do lists slow you down, security tools need to fix the problems they find | Mark Maney | Dec. 19, 2022 | 644 | - |
| Why secrets continue to be a massive problem in source code | Mark Maney | May. 30, 2023 | 1441 | - |
| How insurance tech companies are leading the way on Application Security | Simon Wenet | May. 03, 2023 | 970 | - |
| What is an SBOM, what is it not, and do you need one? | Mark Maney | Mar. 22, 2023 | 1649 | - |
| Application Security vs. Software Supply Chain Security: What's the Difference? | Mike Doyle | Feb. 27, 2022 | 1688 | 3 |
| Protecting Stale Code Repositories on GitHub: Essential Security Measures | Eran Medan | Jul. 18, 2022 | 1014 | 5 |
| SBOM For Your Software Supply Chain: Added Visibility or Security Risk? | Mark Maney | Sep. 19, 2023 | 1176 | - |
| The Essential Guide to SCA and SAST | Simon Wenet | Feb. 08, 2024 | 505 | - |
| CI/CD Pipeline Security vs. IDE plugins vs. Pipelineless Security | Nir Valtman | Nov. 27, 2023 | 1881 | - |
| Leveraging EPSS, CVSS, and KEV for Comprehensive Risk Management & Prioritization | Simon Wenet | Feb. 20, 2024 | 1040 | - |
| How to Detect & Prevent Source Code Exfiltration | Simon Wenet | Jul. 05, 2023 | 1414 | - |
| Leveraging Developer Security Skills to Fortify your Security Team | Eran Medan | Dec. 14, 2022 | 498 | - |
| The Importance of EPSS in Vulnerability Prioritization: A Holistic Approach | Eran Medan | Mar. 28, 2023 | 628 | 1 |
| How to prioritize your backlog of hardcoded secrets | Nir Valtman | Jul. 18, 2023 | 1884 | - |
| Tracing the Impact of a Clothing Retailer's Software Supply Chain Breach on Your Production Environment | Mike Doyle | May. 25, 2022 | 467 | 5 |
| How to Survive a State Actor's Attempt to Put a Backdoor in Your Code | Mark Maney | Mar. 07, 2022 | 598 | 20 |
| What Developers Can Learn from Taylor Swift's Re-recording Strategy | Nicholas Rodine | Jun. 12, 2023 | 1107 | 2 |
| Adopting Pipelineless Security Solutions for Modern AppSec Programs | Simon Wenet | Apr. 10, 2023 | 1465 | - |
| Github OAuth Apps Security: How to protect yourself against GitHub/OAuth Apps Supply Chain Attacks | Nir Valtman | Apr. 11, 2022 | 460 | 9 |
| Hacking Hacker News: Lessons Learned from a Security Researcher Wearing A Growth Hat | Nir Valtman | Jan. 02, 2022 | 886 | 2 |
| Minimize AppSec Effort and Maximize AppSec Coverage with Pipelineless Security Scanning | Nir Valtman | Jan. 23, 2024 | 1972 | - |
| Practical Guide for Evaluating Secret Detection Solutions to Fit Modern Software Development | Nir Valtman | Jun. 12, 2024 | 2043 | - |
| The Importance of Free Secret Detection, Even for Private Repositories | Nir Valtman | May. 11, 2022 | 295 | 19 |
| Why Secret Scanning Visibility Should Be Free & Understanding Where There is Value | Mike Doyle | Jul. 11, 2023 | 1420 | - |
| Need for AppSec exposed by the ‘ResumeLooters’ SQL Injection & XSS Attacks | Nir Valtman | Feb. 13, 2024 | 555 | - |
| New York Times Data Breach Reveals Secrets & Source Code | Simon Wenet | Jul. 10, 2024 | 832 | - |
| Rabbit r1 Data Breach Again Shows The Dire Need for Improved Secrets Security | Simon Wenet | Jun. 28, 2024 | 853 | - |
| Building an AppSec Program, Powered by Pipelineless Security | Nir Valtman | Aug. 20, 2024 | 2644 | - |
| Time for an Honest Talk About Third-Party Risk Management and Software Composition Analysis (SCA) | Mark Maney | Sep. 10, 2024 | 903 | - |
| Optimizing Code Security: Advanced Strategies in SAST Scanning | Simon Wenet | Sep. 17, 2024 | 2199 | - |
| Implementing SAST Security Policies: Effective Strategies for Application Protection | Eitam Arad | Oct. 10, 2024 | 2083 | - |
| State of Developer Time Loss 2024: How Arnica’s Pipelineless Security Can Help | Eitam Arad | Nov. 05, 2024 | 1748 | - |
| Best Practices for SCA Scanning in Agile Development | Eitam Arad | Nov. 14, 2024 | 2326 | - |
| How Arnica's Low-Reputation Package Detection Could Have Prevented the XML-RPC npm Package Breach | Eran Medan | Dec. 02, 2024 | 869 | - |

By Matt Makai. 2021-2024.