Arnica identifies risks in the DevOps tools based on historical behavior of the identities in them. To identify the most accurate risks, access to audit logs, commits, pull requests, and other objects in the DevOps tools is fundamental.

The data ingestion process collects the following data from Source Control Management (SCM) systems:

This data is transformed into metadata before it is persisted. For example, source code changes are translated into vectors, which represent irreversible features about the code.

While the data ingestion process does not store any of the raw collected data, the data ingestion component can be deployed on customers' containerized environment. This option is applicable only for customers with hosted GitHub Enterprise Server.

All data collected from customers' systems is encrypted at rest and segregated per tenant. Any communication to persist the data is encrypted over TLS v1.2 and v1.3.

Any integration removal from Arnica's platform results in deletion of the data from the database as well. Historical reporting will remain available unless the tenant is deleted by the owner.

For more information, please reference our Privacy Policy.