Arnica, a behavior-based application security platform, has recently announced the integration of its application security capabilities into Bitbucket, a source-code management solution owned by Atlassian. This integration marks a significant development in the field of application security, making Arnica the first pipelineless security solution to provide private security feedback to developers in real time and in-line pull request comments for Bitbucket users.
The need for effective application security measures has become increasingly evident as the number of malicious web application transactions continues to rise. According to Radware's H1 2023 Global Threat Analysis Report, such transactions increased by 500% in the first half of 2023 compared to the same period of the previous year. This shift in attacker focus towards the application layer highlights how important it is for organizations to ensure their software is developed with the right security controls in place to protect data and mitigate vulnerabilities.
Recognizing this demand, Arnica has introduced a range of features in its integration with Bitbucket to enhance application security. Bitbucket users now have access to static application security testing (SAST), infrastructure as code (IaC) security scanning, software composition analysis (SCA), and third-party package reputation scanning. This comprehensive suite of tools equips developers with the means to detect and address security risks within their applications.
In addition to these security capabilities, Arnica also offers prioritization and product ownership features for developers using Bitbucket within their existing workflows. According to Arnica, this gives developers 100% coverage of their development ecosystem, with real-time risk detection that occurs even before code reaches the CI/CD pipeline. The automated mitigation capabilities provided by Arnica further streamline the development process, allowing developers to address security issues promptly and efficiently.
One of the notable aspects of Arnica’s integration with Bitbucket is the direct feedback it provides to developers when a risk is detected. As Nir Valtman, CEO and founder of Arnica, explains, developers can develop at their desired velocity without any friction. When they push code, Arnica scans for risks and immediately provides feedback to the developer when a risk is detected. This direct and real-time feedback enables developers to address security issues promptly and make necessary changes to their code.
A key feature of Arnica's feedback system is its ability to notify developers about possible secret exposure. When a developer unintentionally pushes a secret in a commit, Arnica sends a notification via Slack or Microsoft Teams, alerting them to the potential exposure. To simplify remediation, Arnica also provides a "fix it for me" button that automates removal of the secret from the commit as well as from the Git history. This automation eliminates the need for developers to perform these labor-intensive tasks manually, enabling them to focus on their core development responsibilities.
Overall, the integration of Arnica’s application security capabilities into Bitbucket represents a significant step forward in ensuring the security of software applications. By providing developers with real-time feedback and comprehensive security scanning tools, Arnica empowers developers to create secure applications without impeding their development speed. As the threat landscape continues to evolve, solutions like Arnica’s integration with Bitbucket become essential for organizations to safeguard their applications and protect sensitive data.