Everyone wants to talk about software supply chain risks these days, whether they’re security teams, developers, or government officials. No wonder, then, that despite the current economic climate, VCs continue to fund startups in this space as well. One of the newest members of this club is Arnica, a startup that takes a somewhat broader approach to supply chain security than most of its competitors and helps companies. The company announced today that it has raised $7 million in seed funding.
The round was led by Joule Ventures and First Ray Venture Partners. Several angel investors also participated in the round, including Avi Shua (Co-Founder and CEO of Orca Security), Dror Davidoff (Co-Founder and CEO of Aqua Security) and Baruch Sadogursky (Head of Developer Relations at JFrog).
“As a former buyer of application security products, I tested more than a dozen solutions to secure the software supply chain at my previous company but came to a dead end. Most products were expensive visibility dashboards driven by different definitions of best practices,” said Nir Valtman, CEO and co-founder of Arnica. “We have decided to provide this visibility for free, to unlimited users, forever. Yet we went ahead and developed a comprehensive solution to not only identify risks based on historical and inconsistent behavior, but to mitigate them. We do this using automated workflows with single-click mitigation that empower developers to take ownership of security from the tools they already use.”
The team argues that ineffective developer access management or an inability to detect inconsistent identity or code behavior is what makes supply chain attacks successful. That’s where Arnica comes in. Its behavior-based approach combines access management with a service that can detect anomalous developer behavior that could be the result of a breach.
“Each of our machine learning algorithms has thousands of features that identify whether the pushed code was actually the developer,” Valtman explained. “When a discrepancy is detected, it immediately initiates a workflow for the developer to validate it in a simple and secure way. This is not only good for the company but also good for the developers.”
To prevent secrets from leaking, there’s also Secret Search, a service that continuously monitors security and compliance, and tools to identify open source libraries used in an organization, which can also compile a complete software bill of materials (SBOM).
The company plans to use the new funding to accelerate its go-to-market and R&D efforts, focusing on expanding its automated workflow and mitigation capabilities.
“In a market saturated with security solutions that only add incremental value, Arnica’s rapid resolution-providing approach is a game changer for enterprise development teams,” said Brian Rosenzweig, partner at Joule Ventures. “Arnica goes beyond just flagging security issues — every issue identified can be instantly resolved with one click. This allows businesses to quickly protect their software supply chain from attacks, while behavior-based detection ensures long-term security. Arnica’s pragmatic approach and advanced technology enable companies to avoid costly breaches without compromising agility.”