Aikido
Start for Free
No CC required
Building Better Code Together

Open Source at Aikido

We proudly contribute to and collaborate on open source projects, working with others to drive innovation in security.

Intel

OSS threat feed

Open source threat intelligence. Using LLMs, the Aikido Research team discloses malicious packages and verified vulnerabilities in open-source ecosystems, within minutes.

Opengrep

SAST engine

A fork of SemgrepCE, it is maintained by mulitple AppSec organizations to advance a vendor-neutral, truly open-source SAST engine.

3,100

Go to Opengrep

How to contribute

Zen

In-app firewall

Block bots, prevent zero-day attacks, and shield your app against threat actors.

Zen is fully open-source, allowing for community scrutiny of our code and vulnerability algorithms

More on Zen

Node.js

PHP

Python

Java

.NET

SafeChain

Prevent malware during install.

Safe Chain wraps npm, npx, yarn, pnpm, and pnpx to block malicious packages, keeping developers safe from supply chain attacks in real-time.

Go to SafeChain

Aikido never stores your code

Aikido doesn't store your code after completing the analysis. We perform actions such as git clones in a fresh docker container for each repository. After analysis, the data is wiped and the docker container is terminated.

For GitHub, no refresh or access tokens are stored in our database. An Aikido database breach would not result in your GitHub code being downloadable. By default, our integrations require a read-only scope.

Alternatively, you can run Aikido locally (on-prem) as well. Download the Aikido local scanners to get started.

Aikido dashboardAikido dashboard

Read documentation

Trusted by innovative dev teams

Henchman logoZus health logoSecure code warrior logolighthouse logoLoctax logoOliva logoVisma
All-in-One Code & Cloud Security Platform

Replace your fragmented security tools with an all-in-one code & cloud security platform

Aikido provides an all-in-one application security solution. No more scattered security toolstack.
Javascript
Typescript
php
dotnet
Java
Scala
C++
Android
Kotlin
Python
Go
Ruby
Dart

Frequent Asked Q's

1
Can I try Aikido without giving access to my own code?
Can I try Aikido without giving access to my own code?
Can I try Aikido without giving access to my own code?
Yes - you can connect a real repo (read-only access), or use our public demo project to explore the platform. All scans are read-only and Aikido never makes changes to your code. Fixes are proposed via pull requests you review and merge.
1
What happens to my data?
What happens to my data?
What happens to my data?
We clone the repositories inside of temporary environments (such as docker containers unique to you). Those containers are disposed of, after analysis. The duration of the test and scans themselves take about 1-5 mins. All the clones and containers are then auto-removed after that, always, every time, for every customer.
1
Does Aikido make changes to my codebase?
Does Aikido make changes to my codebase?
Does Aikido make changes to my codebase?
We can’t & won’t, this is guaranteed by read-only access.
1
What do you do with my source code?
What do you do with my source code?
What do you do with my source code?
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
1
How can I trust Aikido?
How can I trust Aikido?
How can I trust Aikido?
We’re doing everything we can to be fully secure & compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II & ISO 27001:2022 requirements.
1
Does Aikido require agents?
Does Aikido require agents?
Does Aikido require agents?
No! Unlike others, we're fully API based, no agents are needed to deploy Aikido! This way you're up & running in mere minutes & we're way less intrusive!
1
Has Aikido itself been security tested?
Has Aikido itself been security tested?
Has Aikido itself been security tested?
Yes — we run yearly third-party pentests and maintain a continuous bug bounty program to catch issues early.
1
Do you have a bug bounty programme?
Do you have a bug bounty programme?
Do you have a bug bounty programme?
Yes we do! You can find the our bug bounty programmes on Intigriti.

FAQ

More to explore
Documentation
Trust Center
Integrations

Can I try Aikido without giving access to my own code?

Yes - you can connect a real repo (read-only access), or use our public demo project to explore the platform. All scans are read-only and Aikido never makes changes to your code. Fixes are proposed via pull requests you review and merge.

What happens to my data?

We clone the repositories inside of temporary environments (such as docker containers unique to you). Those containers are disposed of, after analysis. The duration of the test and scans themselves take about 1-5 mins. All the clones and containers are then auto-removed after that, always, every time, for every customer.

Does Aikido make changes to my codebase?

We can’t & won’t, this is guaranteed by read-only access.

What do you do with my source code?

Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.

How can I trust Aikido?

We’re doing everything we can to be fully secure & compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II & ISO 27001:2022 requirements. Find out more on our Trust Center.

Does Aikido require agents?

No! Unlike others, we're fully API based, no agents are needed to deploy Aikido! This way you're up & running in mere minutes & we're way less intrusive!

Has Aikido itself been security tested?

Yes — we run yearly third-party pentests and maintain a continuous bug bounty program to catch issues early.

Do you have a bug bounty programme?

Yes we do! You can find the our bug bounty programmes on Intigriti.

How does Aikido know which alerts are relevant?

We’ve built a rule engine that takes the context of your environment into account. This allows us to easily adapt the criticality score for your environment & filter out false positives. If we’re not sure, the algorithm always reverts to the safest option...

What happens to my data?

We clone the repositories inside of temporary environments (such as docker containers unique to you). Those containers are disposed of, after analysis. The duration of the test and scans themselves take about 1-5 mins. All the clones and containers are then auto-removed after that, always, every time, for every customer.

Does Aikido make changes to my codebase?

We can’t & won’t, this is guaranteed by read-only access.

I don’t want to connect my repository. Can I try it with a test account?

Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!

How is Aikido different?

Aikido combines features from lots of different platforms in one. By bringing together multiple tools in one platform, we’re able to contextualize vulnerabilities, filter out false positives and reduce noise by 95%.

How can I trust Aikido?

We’re doing everything we can to be fully secure & compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II & ISO 27001:2022 requirements.

More to explore
Documentation
Trust center
Integrations
Use keyboard
Use left key to navigate previous on Aikido slider
Use right arrow key to navigate to the next slide
to navigate through articles
Visit our Blog
The Startup's Open-Source Guide to Application Security
By
Mackenzie Jackson
Mackenzie Jackson

The Startup's Open-Source Guide to Application Security

Guides & Best Practices
December 23, 2024
Read more
Meet Intel: Aikido’s Open Source threat feed powered by LLMs.
By
Mackenzie Jackson
Mackenzie Jackson

Meet Intel: Aikido’s Open Source threat feed powered by LLMs.

Product & Company Updates
December 13, 2024
Read more
Balancing Security: When to Leverage Open-Source Tools vs. Commercial Tools
By
Mackenzie Jackson
Mackenzie Jackson

Balancing Security: When to Leverage Open-Source Tools vs. Commercial Tools

Guides & Best Practices
November 15, 2024
Read more

Get secure for free

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start Scanning
No CC required
Book a demo
No credit card required | Scan results in 32secs.