New Feature: Anomalous Developer Behavior | Arnica

What user pains exist?

As development processes continue to prioritize speed and agility, code commits are increasing in both frequency and complexity, adding to the already large burden of properly reviewing and monitoring potentially malicious developer activity. The rigor and granularity required to accurately review code has never been higher, and each pull request that gets rubber stamped presents both operational and security  risks for malicious or abnormal activity to go undetected.  

Code commits frequently include comments that carry little or no context, and reviewers seldom have the time and knowledge required to completely audit all activity and code within each pull request.  

This leads to code review processes that fail to properly defend against malicious code and developer account takeovers.  

What we built!

Arnica’s approach to monitoring the development ecosystem goes beyond individual pull request reviews. At the time of integration, Arnica scans the historical activity of each developer and creates a behavioral profile. This profile is then used as a fingerprint, which is compared to all future activity in real time. Arnica’s anomaly detection models generate alerts when a user’s activity does not match their historical behavior, or when code is pushed that does not seem to belong to the  repository.  

Arnica’s continuous and automated solution ensures that any abnormal behavior is flagged, and a user or group of users is notified for secondary review. The notification is set as a policy and can be configured to instantly request push verification by the developer, to ensure they were the author, or notify a specified user or group of users for additional oversight.  

‍