Archipelo is a Developer Security Posture Management (DevSPM) platform that establishes an observability layer over the software creation process by capturing and attributing developer actions across the SDLC. The platform links security scan results (such as CVE findings) to the specific developer identities and timestamped actions that introduced them, providing traceability from code origin to downstream security signals. This fills a gap left by traditional code scanners, which identify vulnerabilities but do not attribute them to the developers or events that created them. Core capabilities include: - Developer Vulnerability Attribution: Traces CVE scan results to specific developer identities and the actions that introduced them. - AI Code Actions Monitor: Provides visibility into AI-assisted development activity, attributing AI-related research and code-generation signals to identifiable developer events. - Developer Tool Inventory: Automatically discovers and maintains a centralized inventory of CI/CD tools, developer extensions, and related tooling across connected repositories and developer environments. - Developer Security Posture: Aggregates developer-attributed actions and linked security findings into a structured data foundation for security, engineering, and compliance teams. The platform integrates into development workflows via CI/CD pipelines, browser extensions, and IDE extensions. It maintains a historical, timestamped record of coding events tied to developer identity, supporting use cases across security investigation, engineering review, and compliance auditing. Archipelo is positioned as complementary to ASPM and CNAPP platforms by adding developer-level attribution context upstream of artifact and runtime security layers.