Nov 15, 2023

Developer Security Posture Management

Author

Matthew Wise

Archipelo provides intelligent code provenance and software supply chain security. Our mission is to empower organizations to verify code provenance and secure their software supply chains.

We do this by providing the underlying system of record for code provenance in every organization. We give organizations proactive observability of their software supply chain at the earliest stages of the SDLC: before, during, and after every code commit and release. Our technology captures a historical record of how organizations create, develop, and release software, enabling the identification of security and compliance risks at the earliest stages of development.

We define this new category of cybersecurity software as Developer Security Posture Management (DevSPM), which aims to enhance the security and compliance practices in software development by focusing on the role of developers.

Traditionally, code provenance, security, and compliance have primarily focused on the code committed into repositories and the associated build and deployment processes. However, DevSPM expands the scope of provenance beyond the code itself and recognizes developers as a crucial element of the software supply chain.


One of the key aspects of a DevSPM solution is its proactive "beyond left" approach. Instead of focusing solely on collecting artifacts after code is committed, it captures the contextual information and metadata associated with development events, tools, and developer-accessed sites from the early stages of the software development life cycle (SDLC).

It empowers development teams and organizations to verify the origin of their code effectively, reliably answering critical questions about who contributed to the code, what changes were made, what influenced those changes, and when they occurred.

DevSPM emphasizes the importance of early detection and remediation of security and compliance issues. By identifying potential risks as soon as possible, development teams can take prompt actions to prevent these issues from escalating into more significant problems.

Another advantage of a DevSPM solution is the creation of a comprehensive knowledge base. This collection of code artifacts and insights gives organizations a valuable resource for improving productivity and learning from past experiences. Unlike adjacent markets that may focus solely on security or compliance, DevSPM's holistic approach ensures that the knowledge base is not just a byproduct of security measures but a central asset that can be leveraged to boost understanding, efficiency, and the overall quality of software development.

To qualify for inclusion in the Developer Security Posture Management (DevSPM) category, a product must:

  • Recognize the role of developers as a crucial element in the software supply chain, expanding the scope of code provenance beyond the code itself.
  • Implement a proactive "beyond left" approach, capturing contextual information and metadata associated with development events, tools, and developer-accessed sites from the early stages of the software development life cycle (SDLC).
  • Enable development teams and organizations to verify the origin of their code effectively, answering critical questions about contributors, changes made, influences on changes, and when changes occurred.
  • Emphasize early detection and remediation of security and compliance issues, allowing development teams to take prompt actions to prevent escalation.
  • Create a comprehensive knowledge base, serving as a valuable resource for improving productivity and learning from past experiences.
  • Offer a holistic approach that goes beyond just security or compliance, ensuring the knowledge base is a central asset for boosting understanding, efficiency, and overall software development quality.
  • Demonstrate a commitment to improving the overall security and compliance posture of the software development life cycle.
  • Contribute to a proactive and preventative security culture within development teams and organizations.

We are Archipelo

At Archipelo, we are committed to empowering developers and organizations to build secure software and be more productive. We achieve this by delivering an intelligent solution that enables developers and organizations to maintain the provenance of their code and ensure the highest level of software security and integrity without compromising the speed of delivery.

Co Author: Kacper Skawinski
