
Developer Security Posture Management platform linking CVEs to developer actions.

Archipelo is a Developer Security Posture Management (DevSPM) platform that establishes an observability layer for software creation activity. The platform focuses on capturing developer actions, AI-assisted workflows, and tool inventory across the software development lifecycle (SDLC), correlating those actions with downstream security findings.

The platform consists of four main components:

- Developer Vulnerability Attribution: Traces CVE scan results to attributable developer identities and the specific actions that introduced them, providing a structured link between code scanning output and the human or AI actor responsible.
- AI Code Actions Monitor: Establishes visibility into AI-assisted development activity, attributing AI-related research and code-generation signals to identifiable developer events.
- Developer Tool Inventory: Creates a centralized inventory of CI/CD pipelines, developer tools, and IDE extensions across connected repositories and developer environments.
- Developer Security Posture: Provides a developer-centric view of risk by linking security findings to developer-attributed actions and timestamped SDLC events.

Archipelo integrates into development workflows via CI/CD pipelines, browser extensions, and IDE extensions. The platform maintains a historical, timestamped record of developer-attributed source control events, forming a structured data foundation for security investigations, engineering reviews, and compliance documentation.

It is positioned as complementary to existing Application Security Posture Management (ASPM) and Cloud-Native Application Protection Platform (CNAPP) tools, operating upstream of artifact and runtime security layers. Target users include security teams, engineering teams, and compliance teams.