Security

Secure software for securing your software.

Arnica is your trusted partner in Application Security. That is why we constantly leverage and improve on industry best practices and maintain key compliance standards.

View our privacy policy

Compliance & Certifications

Arnica uses Drata to continuously monitor our adherence to the compliance controls we have in place.

Request compliance report

SOC 2 Type 2


Arnica is SOC 2 Type 2 compliant. Arnica undergoes annual examination of our SOC 2 Type 2 controls against the AICPA defined standards with a third-party audit firm to ensure the security of our platform and its supporting infrastructure.

ISO 27001

Streamline mitigations and respond to vulnerabilities by delivering alerts to developers directly within Slack and Microsoft Teams. Arnica enables seamless security actions while increasing development velocity.

Security Best Practices

Infrastructure security

Hosted on a leading cloud infrastructure provider (AWS) with complete network and perimeter protection.

Customer data protection

Logical tenant separation, encryption in transit (TLS 1.2, TLS 1.3) and encryption at rest (AES-256).

Disaster recovery

Built on the ISO 27001 framework and on the robustness of AWS infrastructure, Arnica's platform supports a multi-site disaster recovery plan, together with the processes and framework needed to execute it.

99.9% uptime

Built on the ISO 27001 framework and on the robustness of AWS infrastructure, Arnica's platform is operated to meet this uptime target (see the uptime commitment in the FAQ below).

Arnica-on-Arnica

Arnica runs Arnica on its own code, applying the same application security policies our customers find most effective.

Is Arnica right for your team?

Let's Talk

Real-time detection.


Every code risk of medium severity and above is identified on every code push.

Developer collaboration.


Code risks are communicated directly and privately to the responsible developer in Slack.

Dismissal workflows.


Risk dismissals are automatically routed to the right stakeholders for review. Developers are notified immediately upon a decision.

PR comments.


Arnica annotates any outstanding code risks in the pull request and fails the status check. Code cannot be merged until these risks are addressed.

Woot woot.


If a developer mitigates a vulnerability that is present in production, Arnica celebrates the fix in a comment on the pull request.

Secrets mitigation.


Valid secrets with a medium severity and above are automatically mitigated by Arnica.

Trusted by world class security teams.

Sunbit

More on Arnica’s Security Posture

Privacy Policy

Official source for all things data privacy at Arnica.

Read our policy

Data Handling

How does Arnica handle data ingested from your source code tools?

Request our docs

Legal Overview

Your single source for the terms of use of the Arnica platform.

Request our terms of use

Frequently asked questions

Where is Arnica’s product infrastructure hosted?

Arnica’s product is hosted on Amazon Web Services (AWS) infrastructure, or within your own on-premises infrastructure. AWS holds SOC 2 Type 2 and ISO 27001 certifications, among others; the certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.

Does Arnica have a SOC 2 Type 2 Report?

Arnica is SOC 2 Type 2 compliant. Contact us for more details or to access our report.

What is Arnica’s uptime commitment?

Arnica is committed to ensuring the availability of our systems by using commercially reasonable efforts to meet a service uptime of 99.95% for our subscription service in a given calendar month.

How does Arnica encrypt data?

All sensitive interactions with Arnica’s product (for example API calls, login, and authenticated sessions to the customer portal) are encrypted in transit with TLS 1.2 or 1.3, using 4,096-bit or stronger keys.

Arnica uses several technologies to ensure stored data is encrypted at rest. The virtualized disks used by the Arnica product server instances, as well as long-term storage such as AWS S3, use AES-256 encryption.
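The in-transit claim above is one a customer can verify from the outside. The following is an added example written for this page, not Arnica's code: it pins a handshake to each TLS version in turn and reports which ones the server accepts, then checks the result against a "TLS 1.2 and 1.3 only" policy. HOST and PORT are assumptions to be replaced with the endpoint under test.

```python
# Added example (not Arnica's code): probe an endpoint's accepted TLS
# versions and assess them against a "TLS 1.2 or 1.3 only" policy.
# HOST/PORT are assumptions; point them at the endpoint you are testing.
import socket
import ssl

HOST = "app.example.com"   # assumption: replace with the real endpoint
PORT = 443

VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
ALLOWED = {"TLSv1.2", "TLSv1.3"}


def try_version(host: str, port: int, version: ssl.TLSVersion,
                timeout: float = 5.0) -> tuple[bool, str]:
    """Attempt one handshake pinned to exactly `version`.

    Returns (accepted, detail): the negotiated version and cipher on
    success, or the error text on failure. Certificate validation stays
    on, so a failure can also mean a bad certificate; read `detail`
    before concluding that the server refused the protocol.
    """
    ctx = ssl.create_default_context()
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except ValueError as exc:
        # The local OpenSSL build will not even offer this version. That
        # says nothing about the server, so report it as a client limit.
        return False, f"client cannot offer {version.name}: {exc}"
    if version < ssl.TLSVersion.TLSv1_2:
        # Legacy versions only carry legacy ciphers; relax the client's
        # security level so the probe is not blocked on our own side.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, f"{tls.version()} {tls.cipher()[0]}"
    except (ssl.SSLError, OSError) as exc:
        return False, str(exc)


def probe(host: str = HOST, port: int = PORT) -> dict[str, tuple[bool, str]]:
    """Run try_version() for every protocol version, keyed by name."""
    return {name: try_version(host, port, v) for name, v in VERSIONS.items()}


def assess(results: dict[str, tuple[bool, str]]) -> list[str]:
    """Findings against the policy 'only TLS 1.2 and 1.3 are accepted'.

    An empty list means the observed behaviour matches the policy.
    """
    findings = []
    for name, (accepted, _detail) in results.items():
        if accepted and name not in ALLOWED:
            findings.append(f"{name} accepted; legacy protocol should be disabled")
    modern_ok = any(ok for name, (ok, _) in results.items() if name in ALLOWED)
    if not modern_ok:
        findings.append("neither TLS 1.2 nor TLS 1.3 could be negotiated")
    return findings


if __name__ == "__main__":
    res = probe()
    for name, (ok, detail) in res.items():
        print(f"{name:8} {'accepted' if ok else 'refused '} {detail}")
    for finding in assess(res):
        print("FINDING:", finding)
```

A "refused" result for TLS 1.0 or 1.1 is only meaningful when `detail` shows a server-side rejection rather than a client-side limit; on recent OpenSSL builds the client may decline to offer those versions at all, which the probe reports separately.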

How do I set up Single Sign On (SSO)?

Arnica supports SSO for all users, whether free or paid, through “Sign in with” options such as Google, Azure AD, Bitbucket, and GitHub. For Enterprise customers, Arnica also supports a direct SAML v2 integration and user provisioning.

How do I control & restrict access to the Arnica product?

The Arnica product enforces per-customer authorization rules. Customers create and manage the users of their portal and assign those users appropriate privileges through the platform's Role-Based Access Control (RBAC) mechanism.

What third-party vendors will have access to my data?

You can refer to the Sub-processors section of our website for an updated list of third-party vendors leveraged by Arnica.

Always be ready for your next audit or customer request.

Get your always up-to-date SBOM in 5 minutes.

Try Arnica