We take our own security seriously
Due to the sensitivity of the data stored in Aikido, security on our own platform is our highest priority.
Privacy
Aikido is in full compliance with the General Data Protection Regulation (GDPR).
GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
Compliance
Aikido has achieved ISO 27001:2022 compliance and AICPA's SOC 2 Type II certification, signifying our commitment to robust information security management.
These globally recognized standards ensure that we systematically identify, assess, and mitigate risks to our information assets.
Local Scanning
If desired, our local scanning (on-prem) functionality ensures that code never leaves your premises.
Aikido never stores your code.
Aikido doesn't store your code after completing the analysis. We perform actions such as git clones in a fresh Docker container for each repository. After analysis, the data is wiped and the Docker container is terminated.
Online scanning
For GitHub, no refresh or access tokens are stored in our database. An Aikido database breach would not result in your GitHub code being downloadable. By default, our integrations require a read-only scope.
Local scanning
Alternatively, you can run Aikido locally (on-prem) as well. Download the Aikido local scanners to get started.
Trusted by innovative dev teams
Embraced by pioneering development teams worldwide.
FAQ
Do I need to give access to my repos to test out the product?
When you log in with your VCS, we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.
What happens to my data?
We clone the repositories inside temporary environments (such as Docker containers unique to you). Those containers are disposed of after analysis. The tests and scans themselves take about 1-5 mins. All the clones and containers are then auto-removed after that, always, every time, for every customer.
Does Aikido make changes to my codebase?
We can’t and won’t; this is guaranteed by read-only access.
What do you do with my source code?
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
How can I trust Aikido?
We’re doing everything we can to be fully secure and compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meet the AICPA's SOC 2 Type II and ISO 27001:2022 requirements.
Does Aikido require agents?
No! Unlike others, we're fully API-based; no agents are needed to deploy Aikido! This way you're up and running in mere minutes, and we're way less intrusive!
Share how you score on unbiased standards & best practices
Get an instant SOC 2, ISO 27001 or OWASP Top 10 report
Know where you stand on the technical vulnerability management controls for your compliance certification.
Share your security reports with your leads in just a few clicks, so you can get through security reviews faster.
Decide which information you'd like to share such as:
Aikido is available on any device, worldwide.
Health checks & simple pings of the components are used to check if the functions are operational.
At Aikido, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.
If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.