# Arnica Reviews **Vendor:** Arnica **Category:** [Software Supply Chain Security Solutions](https://www.g2.com/categories/software-supply-chain-security-tools) **Average Rating:** 4.9/5.0 **Total Reviews:** 5 ## About Arnica Arnica simplifies and effectively automates source code security, while maintaining or improving development velocity. Arnica uses rich tooling integration, deep learning, and behavioral analytics to empower organizations with the tools to be proactive in building a secure software supply chain. ## Arnica Pros & Cons **What users like:** - Users find the **accuracy of findings** from Arnica crucial for managing privileges and enhancing security measures effectively. (1 reviews) - Users value Arnica for its **effective remediation of over-provisioning** , simplifying security and reducing risk to intellectual property. (1 reviews) - Users appreciate the **easy setup and administration** of Arnica, saving time while meeting their needs effectively. (1 reviews) - Users highlight the **easy setup** of Arnica, appreciating quick administration and minimal time investment. (1 reviews) - Users value Arnica for its ability to **discover and remediate over-provisioning** , enhancing security with minimal developer input. (1 reviews) - Risk Management (1 reviews) - Security (1 reviews) - Users find **Vulnerability Detection** in Arnica invaluable for efficiently identifying and managing security risks in repositories. (1 reviews) **What users dislike:** - Users feel that **paid features are exclusive** to GitHub Enterprise, limiting access for smaller teams seeking full protections. (1 reviews) ## Arnica Reviews ### 1. Intuitive and flexible **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.) **Reviewed Date:** August 26, 2024 **What do you like best about Arnica?** Easy setup and administration was my favorite part. It had what we needed, but took a fraction of the time to set up. **What do you dislike about Arnica?** It can be tedious logging in multiple times throughout the day, but Short login sessions are generally more secure. **What problems is Arnica solving and how is that benefiting you?** Arnica assists us with vulnerability detection (SAST and SCA), and it's prioritization to make meaningful strides in remediation. ### 2. Security Professionals operate on the concepts of Need to Know &Least Privileged Access. **Rating:** 4.5/5.0 stars **Reviewed by:** Robert V. | Mid-Market (51-1000 emp.) **Reviewed Date:** March 15, 2023 **What do you like best about Arnica?** Development and Security are often at odds when granting elevated privileges to source code repositories. A security team asking developers to prove they need elevated privileges causes the "Trust Me" conversation, where developers argue that they should be trusted to have complete control of the source code. Adopting Zero Trust strategies is helping to remediate over-provisioning in many systems, but source code repositories remain a source of contention. Arnica allows Security teams to discover elevated privileges that have been granted but rarely if ever, used. With Arnica, Need to Know & Least-Privileged Access metrics are always available without input from developers. Removing unused, elevated privileges effectively reduces the attack surface and associated risk to intellectual property. Remediation of discovered overprovisioning is simple and easily documented for change control. **What do you dislike about Arnica?** The complete feature set in Arnica is only available to GitHub Enterprise organizations. Smaller teams not ready to move to GitHub enterprise will not have the full set of protections. However, discovering and mitigating risk in source code repositories at any level improves overall risk in any software firm. **What problems is Arnica solving and how is that benefiting you?** Securing source code in Agle software firms requires visibility into the privileges granted to the Organization. Repositories are often misclassified as public or "open source" when the proprietary nature of the project is not fully understood. Individuals with unnecessary elevated privileges can expose intellectual property by facilitating collaboration inappropriately. Arnica gives firms visibility, analysis, reporting and remediation capabilities on GitHub. Securing the organization without removing privileges that are necessary for the appropriate individuals. ### 3. Easy to use tool for managing risks on github **Rating:** 5.0/5.0 stars **Reviewed by:** Lucas F. | Director of Engineering, Small-Business (50 or fewer emp.) **Reviewed Date:** December 06, 2022 **What do you like best about Arnica?** Could not be easier to use. Quickly connect to your GitHub and get a robust delineation of all potential vulnerabilities in your repository. Can't wait for more features to come out and to use this tool more regularly as our team scales. **What do you dislike about Arnica?** Very limited areas of confusing UI and ideally would love to see more integrations across my stack to detect vulnerabilities and excessive perms. **What problems is Arnica solving and how is that benefiting you?** Peace of mind knowing that our repo is safe and tightly controlled with a revolving door of contractors coming in and out of our operation. ### 4. Arnica provide both the visibility and the ability to take action with regards to Git permissions. **Rating:** 5.0/5.0 stars **Reviewed by:** Guy G. | Security Engineer, Enterprise (> 1000 emp.) **Reviewed Date:** October 14, 2022 **What do you like best about Arnica?** Arnica's detections are data-driven, which means it is most likely a true positive when something is detected. Taking action with Arnica against its detection helps ease the mitigation process. Arnica's team is always looking to expand its discoveries with new types of detections and improve existing ones. **What do you dislike about Arnica?** We look forward to expanding our use of Arnica in our environment. **What problems is Arnica solving and how is that benefiting you?** Arnicas solves the Git access management problems that are always left behind because it is time-consuming and hard to manage. The fact that it is done automatically with intelligence helps us implement the solution and take action confidently. ### 5. Arnica made it way easier to manage repo security, saved money too! **Rating:** 5.0/5.0 stars **Reviewed by:** Joe W. | Sr. VP of Technology, Enterprise (> 1000 emp.) **Reviewed Date:** May 25, 2022 **What do you like best about Arnica?** With Arnica, we are streamlining the review process through data driven analytics and automation to guard against the accumulation of excessive permissions. Arnica has already paid for itself through process optimization and developer tool cost savings by right sizing commercial license. **What do you dislike about Arnica?** We are happy with the product capabilities. We are eager to see how the feature set grows. **What problems is Arnica solving and how is that benefiting you?** We are securing the devops supply chain. We are also managing entitlements and permissions for our 3000 developers. The tool is also being used to manage down waste in licensing unused tools. ## Arnica Discussions - [What is Arnica used for?](https://www.g2.com/discussions/what-is-arnica-used-for) - [View Arnica pricing details and edition comparison](https://www.g2.com/products/arnica/reviews?section=pricing&secure%5Bexpires_at%5D=2026-06-02+05%3A00%3A35+-0500&secure%5Bsession_id%5D=a057d63d-70d7-4e87-8cec-432b7d285f09&secure%5Btoken%5D=0c99a61849a352a0321ac6bd824a9ac9b14efba0b28e7ffb7ae2adb69904e7fe&format=llm_user) ## Arnica Features **Administration** - API / Integrations - Extensibility **Functionality - Software Composition Analysis ** - Language Support - Integration - Transparency **Security** - Tampering - Malicious Code - Verification - Security Risks **Risk management - Application Security Posture Management (ASPM)** - Vulnerability Management - Risk Assessment and Prioritization - Compliance Management - Policy Enforcement **Functionality - Software Bill of Materials (SBOM)** - Format Support - Annotations - Attestation **Cloud Visibility** - Data Discovery - Cloud Registry - Cloud Gap Analytics **Analysis** - Reporting and Analytics - Issue Tracking - Static Code Analysis - Code Analysis **Effectiveness - Software Composition Analysis** - Remediation Suggestions - Continuous Monitoring - Thorough Detection **Tracking** - Bill of Materials - Audit Trails - Monitoring **Integration and efficiency - Application Security Posture Management (ASPM)** - Integration with Development Tools - Automation and Efficiency **Management - Software Bill of Materials (SBOM)** - Monitoring - Dashboards - User Provisioning **Security** - Data Security - Data loss Prevention - Security Auditing **Testing** - Command-Line Tools - Manual Testing - Test Automation - Compliance Testing - Black-Box Scanning - Detection Rate - False Positives **Reporting and Analytics - Application Security Posture Management (ASPM)** - Trend Analysis - Risk Scoring - Customizable Dashboards **Identity** - SSO - Governance - User Analytics **Agentic AI - Static Application Security Testing (SAST)** - Autonomous Task Execution **Agentic AI - Application Security Posture Management (ASPM)** - Autonomous Task Execution - Multi-step Planning ## Top Arnica Alternatives - [GitHub](https://www.g2.com/products/github/reviews) - 4.7/5.0 (2,290 reviews) - [GitLab](https://www.g2.com/products/gitlab/reviews) - 4.5/5.0 (877 reviews) - [Wiz](https://www.g2.com/products/wiz-wiz/reviews) - 4.7/5.0 (789 reviews)