Arnica raises $7M to improve software supply chain security



Arnica, a startup that takes a broader view of supply chain security than most of its competitors, announced on Thursday that it has raised a $7 million seed round. The company claims that supply chain attacks succeed because of inefficient developer access management or the inability to detect anomalous developer behavior. It also offers secret detection to avoid leaking secrets. Notably, Arnica is the world’s first startup accelerator for software supply chain security.




Everybody wants to talk about software supply chain risks these days, whether that’s security teams, developers or government officials. It’s no surprise, then, that VCs, despite the current economic climate, continue to fund startups in this space, too. One of the newest members in this club is Arnica, a startup that takes a somewhat broader view of supply chain security than most of its competitors and helps companies. The company today announced that it has raised a $7 million seed round.


The round was led by Joule Ventures and First Rays Venture Partners. A number of angel investors, including Avi Shua (co-founder & CEO of Orca Security), Dror Davidoff (co-founder & CEO of Aqua Security) and Baruch Sadogursky (head of Developer Relations at JFrog), also participated in this round.

Arnica founding team. Image Credits: Arnica

“As a former buyer of application security products, I tested more than a dozen solutions for securing my previous company’s software supply chain but reached a dead end. Most products were expensive visibility dashboards driven by varying definitions of ‘best practices,’” said Arnica CEO and co-founder Nir Valtman. “We decided to provide this visibility for free, for unlimited users, forever. We went further though and developed a comprehensive solution to not only identify risks based on historical and anomalous behavior but also to mitigate them. We do this by using automated workflows with single-click mitigations that empower developers to own security from within the tools they already use.”

The team argues that supply chain attacks succeed because of inefficient developer access management or the inability to detect anomalous identity or code behavior. So that’s where Arnica comes in. Its behavior-based approach combines access management and a service that can detect anomalous developer behavior that could be the result of a breach.

“Each of our machine learning algorithms have thousands of features that identify whether it was actually the developer who wrote the pushed code,” explained Valtman. “When an anomaly is detected, it kicks off an immediate workflow to validate it with the developer in a simple and secure way. It is not only good for the company, but also good for developers.”

There’s also secret detection to avoid leaking secrets, a service that continuously monitors security and compliance, and tools for identifying the open source libraries used across an organization, which can also compile a full software bill of materials (SBOM).


The company plans to use the new funding to accelerate its go-to-market and R&D efforts, with a focus on expanding its automated workflows and mitigation capabilities.


“In a market full of security solutions adding only incremental value, Arnica’s instant resolution-oriented approach is a game changer for enterprise dev teams,” said Brian Rosenzweig, partner at Joule Ventures. “Arnica goes beyond just flagging security problems — every issue that is identified can be immediately addressed with a provided one-click fix. This allows businesses to quickly protect their software supply chain from attacks, while behavior-based detection ensures it remains secure in the long term. Arnica’s pragmatic approach and advanced technology enable companies to avoid costly breaches without compromising on agility.”
