The CRA Readiness ChecklistGet the checklist →

    Back to integrations
    SCASASTASPM

    Arnica integration

    Triage Arnica SCA, SAST, and ASPM findings with exploitability evidence and remediation context.

    Integration details

    Primary category

    AppSec Posture Management

    Sync direction

    Arnica ↔ Konvu

    Findings are ingested from Arnica into Konvu. Based on your workflow, Konvu can then push context, status changes, and severity updates back to Arnica.

    Status

    Available

    What is Arnica?

    Arnica is an agentic application security platform for enterprise teams, covering SCA, SAST, IaC, secrets, AI code governance, and developer-native remediation workflows across the SDLC.

    Why connect Arnica to Konvu

    • Layer Konvu exploitability analysis onto Arnica findings so teams can separate actionable risk from scanner noise.
    • Prioritize Arnica SCA and SAST issues based on reachable code paths, exploitation evidence, and deployment context.
    • Sync evidence-backed triage decisions into Arnica workflows so developers get the right fix context where they already work.

    How it works

    1

    Scan

    Arnica produces findings from scans or assessments.

    2

    Ingest & enrich

    Konvu ingests those findings and enriches them with code, configuration, and deployment context.

    3

    Assess exploitability

    Konvu determines exploitability and recommended action with evidence attached.

    4

    Sync decisions

    Based on your workflow, Konvu can push context, status updates, and severity adjustments back into Arnica.

    Quick setup

    Configure Arnica from the integrations list in Konvu.

    1. 1Go to /configuration/integrations in Konvu and choose Arnica.
    2. 2Authorize access and confirm the data sources you want to sync.
    3. 3Save the configuration to start syncing.

    Sync direction

    Arnica ↔ Konvu

    Findings are ingested from Arnica into Konvu. Based on your workflow, Konvu can then push context, status changes, and severity updates back to Arnica.

    More integrations

    View all
    Available

    Checkmarx

    Focus Checkmarx SAST and SCA alerts on code paths with demonstrated exploit potential.

    • SAST
    • SCA
    Available

    GitHub

    Prioritize GitHub CodeQL and Dependabot alerts by adding exploit context to each finding.

    • SAST
    • SCA
    • Ticketing & Messaging
    Available

    GitLab

    Add exploitability analysis to GitLab's built-in SAST and SCA pipeline findings.

    • SCA
    • SAST
    • Ticketing & Messaging
    Available

    Semgrep

    Triage Semgrep's rule-based code findings and supply chain alerts with exploit evidence.

    • SAST
    • SCA
    Available

    Snyk

    Triage Snyk vulnerabilities across code, dependencies, and containers with exploit context.

    • SCA
    • SAST
    • Container Security
    Available

    Veracode

    Prioritize Veracode policy violations by identifying which findings are exploitable.

    • SCA
    • SAST