Open Source at Aikido

When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.

We clone the repositories inside of temporary environments (such as docker containers unique to you). Those containers are disposed of, after analysis. The duration of the test and scans themselves take about 1-5 mins. All the clones and containers are then auto-removed after that, always, every time, for every customer.

We can’t & won’t, this is guaranteed by read-only access.

Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.

We’re doing everything we can to be fully secure & compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II & ISO 27001:2022 requirements.

No! Unlike others, we're fully API based, no agents are needed to deploy Aikido! This way you're up & running in mere minutes & we're way less intrusive!

‍

Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure the security of Zen is continuously tested by a wide range of security experts.

Yes we do! You can find the our bug bounty programmes on Intigriti.