Arnica Blog - Plushcap

Blog URL

www.arnica.io/resources/blog

Posts YTD

0 ↓ vs 2 last year

Avg Posts/Month

1.6 since 2022

Monthly Post Volume

Start year: 2022 2023 2024 2025 2026

Post Details

Search:

Title	Author	Published	Words	HN Pts
What is Pipelineless Security?	Nir Valtman	2022-12-05	922	2
5 critical lessons from the latest GitHub phishing campaign by Gitloker	Nir Valtman	2024-06-17	1,389	--
Trouble Keeping Track of Your Keys? So Does Toyota: Lessons Learned from …	Nir Valtman	2022-10-12	355	2
Azure Permissions: Managing Granular Permissions in Azure Devops	Eran Medan	2023-01-10	1,645	--
Why Risk Scanning Needs to be Free: Don't Just Find Risks, Fix …	Simon Wenet	2023-11-20	1,283	--
Four takeaways from the NSA's software supply chain security recommendations	Mike Doyle	2022-09-10	963	2
Trying to identify spoofing in GitHub? May the 4th be with you!	Mark Maney	2023-05-03	1,976	1
How to Determine the Severity of a Third-Party Risk with Software Composition …	Simon Wenet	2023-09-27	1,501	--
The Criticality of Context for Addressing Software Supply Chain Risk	Mark Maney	2023-06-19	1,753	--
Should I Manage Code in a Single Organization or Multiple Organizations?	Mark Maney	2023-06-27	1,101	--
[April fools] Introducing SecuriSlow™: Slowing Down Your Developers, Fast	Nir Valtman	2024-04-01	274	--
Analyzing LastPass' Recent Security Incident Notification	Mike Doyle	2022-08-26	785	1
How to ensure your third-party software packages are reputable	Mark Maney	2023-08-16	1,909	--
Afraid of your source code leaking? I can tell by the Twitch …	Nir Valtman	2022-01-10	441	--
Best practices maintaining a secure development environment	Mark Maney	2023-01-11	1,961	--
How We Converted a GitHub Tool Into a General Purpose Webhook Proxy …	Doron Guttman	2023-04-17	1,949	3
Harnessing the Power of Secure Coding Practices for Effective CI/CD Security	Nir Valtman	2023-02-13	1,796	--
How Top Open Source Projects Protect Their Code: Insights and Best Practices	Chris Abraham	2022-02-07	1,237	7
Defending Against Source Code Exfiltration, Fast and Slow	Mike Doyle	2023-04-05	1,272	--
How to ensure you don’t have Sourcegraph secrets in source code	Nir Valtman	2023-09-04	630	3
Malicious Code Campaign on GitHub Repos: Is it Hype or a Dire …	Nir Valtman	2024-03-05	754	2
GitGoat: An Open Source Project of Intentionally (Riskless) Misconfigured GitHub Organizations	Nir Valtman	2022-06-27	307	8
How to Evaluate a Static Application Security Testing (SAST) Solution	Mark Maney	2023-11-13	1,668	--
What to Consider Before Enforcing Multi-Factor Authentication (MFA) on GitHub	Nir Valtman	2022-10-19	1,324	--
Demystifying the Pl0x GitHub attack	Mike Doyle	2022-08-17	1,325	1
Hacking Upstream: Finding a 0-Day in an OpenSSH Key Parser Library	Mike Doyle	2022-07-06	2,826	2
How to prioritize third-party package (SCA) vulnerabilities	Mark Maney	2023-11-28	1,410	--
What Every Developer Needs to Know About GitHub Branch Protection	Nir Valtman	2024-03-13	1,430	1
GitHub Hosted vs. Self-Hosted Runners: Which One Should You Choose?	Eran Medan	2022-11-08	1,426	1
A Complete Guide: Enterprise Managed Users vs Bring Your Own Users on …	Nir Valtman	2023-10-17	1,301	--
GitHub CODEOWNERS: What Every Developer Should Know	Nir Valtman	2022-07-23	1,488	3
Hardening Your Software Development Environment: A Beginner's Guide	Eran Medan	2022-09-21	1,464	3
Security to-do lists slow you down, security tools need to fix the …	Mark Maney	2022-12-19	644	--
Why secrets continue to be a massive problem in source code	Mark Maney	2023-05-30	1,441	--
How insurance tech companies are leading the way on Application Security	Simon Wenet	2023-05-03	970	--
What is an SBOM, what is it not, and do you need …	Mark Maney	2023-03-22	1,649	--
Application Security vs. Software Supply Chain Security: What's the Difference?	Mike Doyle	2022-02-27	1,688	3
Protecting Stale Code Repositories on GitHub: Essential Security Measures	Eran Medan	2022-07-18	1,014	5
SBOM For Your Software Supply Chain: Added Visibility or Security Risk?	Mark Maney	2023-09-19	1,176	--
The Essential Guide to SCA and SAST	Simon Wenet	2024-02-08	505	--
CI/CD Pipeline Security vs. IDE plugins vs. Pipelineless Security	Nir Valtman	2023-11-27	1,881	--
Leveraging EPSS, CVSS, and KEV for Comprehensive Risk Management & Prioritization	Simon Wenet	2024-02-20	1,040	--
How to Detect & Prevent Source Code Exfiltration	Simon Wenet	2023-07-05	1,414	--
Leveraging Developer Security Skills to Fortify your Security Team	Eran Medan	2022-12-14	498	--
The Importance of EPSS in Vulnerability Prioritization: A Holistic Approach	Eran Medan	2023-03-28	628	1
How to prioritize your backlog of hardcoded secrets	Nir Valtman	2023-07-18	1,884	--
Tracing the Impact of a Clothing Retailer's Software Supply Chain Breach on …	Mike Doyle	2022-05-25	467	5
How to Survive a State Actor's Attempt to Put a Backdoor in …	Mark Maney	2022-03-07	598	20
What Developers Can Learn from Taylor Swift's Re-recording Strategy	Nicholas Rodine	2023-06-12	1,107	2
Adopting Pipelineless Security Solutions for Modern AppSec Programs	Simon Wenet	2023-04-10	1,465	--
Github OAuth Apps Security: How to protect yourself against GitHub/OAuth Apps Supply …	Nir Valtman	2022-04-11	460	9
Hacking Hacker News: Lessons Learned from a Security Researcher Wearing A Growth …	Nir Valtman	2022-01-02	886	2
Minimize AppSec Effort and Maximize AppSec Coverage with Pipelineless Security Scanning	Nir Valtman	2024-01-23	1,972	--
Practical Guide for Evaluating Secret Detection Solutions to Fit Modern Software Development	Nir Valtman	2024-06-12	2,043	--
The Importance of Free Secret Detection, Even for Private Repositories	Nir Valtman	2022-05-11	295	19
Why Secret Scanning Visibility Should Be Free & Understanding Where There is …	Mike Doyle	2023-07-11	1,420	--
Need for AppSec exposed by the ‘ResumeLooters’ SQL Injection & XSS Attacks	Nir Valtman	2024-02-13	555	--
New York Times Data Breach Reveals Secrets & Source Code	Simon Wenet	2024-07-10	832	--
Rabbit r1 Data Breach Again Shows The Dire Need for Improved Secrets …	Simon Wenet	2024-06-28	853	--
Building an AppSec Program, Powered by Pipelineless Security	Nir Valtman	2024-08-20	2,644	--
Time for an Honest Talk About Third-Party Risk Management and Software Composition …	Mark Maney	2024-09-10	903	--
Optimizing Code Security: Advanced Strategies in SAST Scanning	Simon Wenet	2024-09-17	2,199	--
Implementing SAST Security Policies: Effective Strategies for Application Protection	Eitam Arad	2024-10-10	2,083	--
State of Developer Time Loss 2024: How Arnica’s Pipelineless Security Can Help	Eitam Arad	2024-11-05	1,748	--
Best Practices for SCA Scanning in Agile Development	Eitam Arad	2024-11-14	2,326	--
How Arnica's Low-Reputation Package Detection Could Have Prevented the XML-RPC npm Package …	Eran Medan	2024-12-02	869	--
SAST vs. DAST: A Comparative Analysis	Simon Wenet	2025-01-07	1,158	--
Launching Opengrep in response to Semgrep's Open Source Licensing Change	Eran Medan	2025-01-23	563	--
Evaluating SCA Tools for Addressing Open Source Vulnerabilities	Anna Daugherty	2025-02-13	2,520	--
Prioritizing AppSec Vulnerabilities: Developer Context vs. Full Reachability	Nir Valtman	2025-02-11	524	--
Direct vs. Transitive Dependencies: Navigating Package Management in Software Composition Analysis (SCA)	Anna Daugherty	2025-02-25	2,908	--
GitHub Actions Supply Chain Attack: What Arnica Customers Need to Know	Eran Medan	2025-03-17	677	--
How Pipelineless SAST Enforces Application Security Without Slowing Developers Down	Anna Daugherty	2025-04-09	1,501	--
Arnica Now Available on AWS Marketplace	Anna Daugherty	2025-04-23	384	--
SCA Testing for Secure Software Development: When, Where, and How to Scan …	Arnica	2025-05-01	2,074	--
How Regulated Industries Can Evaluate Pipelineless Security Integration Solutions	Arnica	2025-05-14	2,721	--
Understanding the Hidden Costs of DevSecOps Automation Tools	Anna Daugherty	2025-05-10	2,089	--
“Increasing AppSec effectiveness isn’t just a fantasy.” - Key Takeaways from GISEC …	Anna Daugherty	2025-05-09	506	--
Top Application Security Posture Management Tools DevSecOps Teams Rely On	Arnica	2025-07-01	1,782	--
Arnica Recognized by Gartner® in the 2025 Hype Cycle™ for Software Engineering	Anna Daugherty	2025-07-10	86	--
Incremental SCA Scanning Strategies for Large-Scale Monorepos	Arnica	2025-07-15	944	--
Customizing Software Composition Analysis Tools to Enforce Industry-Specific Risk Thresholds	Arnica	2025-07-15	924	--
Using Behavioral Analytics to Improve Real-Time Application Security Monitoring	Arnica	2025-06-26	1,256	--
ASPM Tools That Empower Developers Without Slowing Them Down	Arnica	2025-07-01	1,553	--
Arnica Named a Representative Vendor in 2025 Gartner Hype Cycle for Application …	Anna Daugherty	2025-07-31	471	--
Designing Automated Security Workflows Across Multi-Cloud Codebases	Arnica	2025-06-26	1,066	--
Arnica Positioned as a Major Player in the 2025 IDC MarketScape for …	Anna Daugherty	2025-09-09	429	--
Meet Arnie: Your AI Code Protector	Arnica	2025-09-23	764	--
Secure Coding Agent Architectures for Enterprise Repositories	Arnica	2025-10-03	1,400	--
Building a Zero-Trust Model for Agentic AI Security	Arnica	2025-10-03	1,460	--
From Vibe Coding to Viable Coding: How to Make AI Work in …	Arnica	2025-10-08	500	--
Why Agentic AI Is the Next Leap in Retail Decision-Making	Arnica	2025-10-27	1,044	--
Beneath the Surface of Multi-Agent AppSec	Nir Valtman	2025-11-04	734	--
Securing the Agentic Era: What the Arnica Team Learned at OWASP US …	Arnica	2025-11-10	791	--
Shai Hulud 2.0: How to Immediately Identify Your Exposure with Arnica's New …	Arnica	2025-11-24	379	--
Arnica Named a Leader in the 2025 Frost Radarâ¢ for Application Security …	Arnica	2025-12-10	526	--
Top 6 AI SAST Tools for 2026: The Quick Guide to Agentic …	Arnica	2025-12-15	1,464	--
2026 AppSec Predictions: The Year We Confront AI Reality	Arnica	2025-12-22	882	--

Plushcap, by Matt Makai. 2021-2026.