Open Source at Aikido
We proudly contribute to and collaborate on open source projects, working with others to drive innovation in security.
Opengrep
SAST engine
A fork of SemgrepCE, it is maintained by multiple AppSec organizations to advance a vendor-neutral, truly open-source SAST engine.
Zen
In-app firewall
Block bots, prevent zero-day attacks, and shield your app against threat actors.
Zen is fully open-source, allowing for community scrutiny of our code and vulnerability algorithms.
SafeChain
Prevent malware during install.
Safe Chain wraps npm, npx, yarn, pnpm, and pnpx to block malicious packages, keeping developers safe from supply chain attacks in real-time.
Betterleaks
A better secrets scanner
Built by the creator of Gitleaks, the widely used open-source secret scanner, BetterLeaks helps developers detect exposed API keys, tokens, and credentials across repositories and git history, allowing teams to catch leaks early and prevent attackers from abusing compromised secrets.
Replace your fragmented security tools with an all-in-one code & cloud security platform
Frequently Asked Questions
Yes - you can connect a real repo (read-only access), or use our public demo project to explore the platform. All scans are read-only and Aikido never makes changes to your code. Fixes are proposed via pull requests you review and merge.
We clone the repositories inside temporary environments (such as Docker containers unique to you). Those containers are disposed of after analysis. The tests and scans themselves take about 1-5 mins. All the clones and containers are then auto-removed after that, always, every time, for every customer.
We can’t & won’t; this is guaranteed by read-only access.
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
We’re doing everything we can to be fully secure & compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meet the AICPA's SOC 2 Type II & ISO 27001:2022 requirements. Find out more on our Trust Center.
No! Unlike others, we're fully API based, no agents are needed to deploy Aikido! This way you're up & running in mere minutes & we're way less intrusive!
Yes — we run yearly third-party pentests and maintain a continuous bug bounty program to catch issues early.
Yes we do! You can find our bug bounty programmes on Intigriti.
Get secure now
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.




















