Arnica and Azure DevOps

The arnica Azure DevOps (ADO) integration provides convenient and simplified visibility to the most important aspects of your development ecosystem, surfacing risks, identifying cost savings, and automating threat mitigation processes while maintaining an exportable audit trail.

Below are some of the primary features that Arnica provides for Azure DevOps:

ADO inventory view:

ADO Inventory views summarize Identities, Repos, and Apps that exist within your organization, improving visibility into important metrics such as highest privilege level for each identity, and time since last action within each repo.

ADO excessive permissions risks:

Arnica maps the explicit and implicit permissions of each identity within your organization, creating an analyzed matrix of access to each asset. Comparing this matrix to user behavior, Arnica identifies unused and excessive permissions, identifying risks at each permission level and presenting an automated mitigation path.

ADO hardening and configuration risks:

Arnica scans your organization’s configurations down to the branch level to identify threats that stem from incorrect configurations or stale assets, including stale repositories and stale users. It also analyzes security configurations and surfaces inconsistencies in branch protection policies.

ADO secret detection:

Arnica’s secret detection scans your Git repos for historically added hardcoded secrets and monitors your future commits in real-time to prevent new secrets from being added. These secrets are validated at the time of detection, and a list of users who have interacted with the secret is provided to assess the exposure level of each hardcoded secret.

Arnica also offers policy-based alerts that can notify developers directly when a new secret is pushed, providing automated secret mitigation and removal before the secret can be duplicated in other branches or local instances.

ADO anomaly detection:

Arnica’s anomaly detection feature protects your development ecosystem from malicious code and account takeover.
After your first integration, Arnica’s ML engine ingests and analyzes your developer’s historical behavior and creates a fingerprint for each developer and each repository. These fingerprints are then used to monitor future commits, flagging activity that does not align with a developer’s normal behavior, or code that is abnormal for a given repository.

Arnica ADO mitigations:

For each of the risks identified, Arnica will provide a one-click mitigation which eliminates the risk. This process reduces time to response, increases effectiveness of your DevOps team, and logs activity for future compliance reviews.

Did this answer your question?