.svg)
Review
“Aikido makes your security one of your USPs thanks to their integrated automated reporting solution, which helps for ISO & SOC2 certification”
Fabrice G
Managing director at Kadonation
Custom
Connect your own scanner
- Continuously monitors your code for known vulnerabilities
- Auto-triaging to filter out false positives
- Clear remediation advice & auto-fix option
Import findings from
SonarQube
why aikido?
Leveraging best-in-class open source
Full coverage through a combination of renowned open source scanners. Improved by our own magic sauce.
Covers all languages
Open source tools don't always support all languages. Aikido combines multiple scanners to fix all gaps. (For example, Aikido supports .csproj files out of the box)
Check language support
Works out of the box
Open source projects tend to be hard to set up and keep running flawlessly. Aikido fixes any issues and keeps your scans going. On top of that, you're able to easily see if you're missing lockfiles.
Check language support
Advanced Features
Features that you'll love
1
Automated triaging
Reachability Analysis
Aikido checks if you're using a certain function. If not, it's clearly a false positive and it's automatically triaged.
Read about our reachability engine
Instant Deduplication
When Aikido finds a vulnerability, it will report these issues as one issue. Unlike other scanners that will overload you with 20 separate issues if the affected function is found multiple times.
Fast Triaging
Over 30 auto-ignore rules filter out false positives. You can feed Aikido with information to automatically adapt severity scores. (What's staging/production? What resources you consider critical?)
Read how Aikido reduces the noise
2
Actionable advice
No needless CVE research. Aikido gives you the TL;DR, tells you how you're affected & how you can most easily fix it. The fastest way to remediate your security issues.
Learn more
Aikido's other scanners
Built on reliable open source security scanners, all combined in one platform. Enhanced with our own code to cover any scanning gaps.
Cloud
Cloud posture management (CSPM)
Detects cloud infrastructure risks across major cloud providers.
Leverages
CloudSploit
Custom Rules Engine
Code & Containers
Open source dependency scanning (SCA)
Continuously monitors your code for known vulnerabilities, CVEs and other risks.
Leverages
Trivy
Syft
Grype
Custom Rules Engine
Code
Secret Detection
Checks your code for leaked and exposed API keys, passwords, certificates, encryption keys, etc...
Leverages
Gitleaks
Code
Static code analysis (SAST)
Scans your source code for security risks before an issue can be merged.
Leverages
Semgrep
Gosec
Custom Rules
Code
Infrastructure as code
Scans Terraform, CloudFormation & Kubernetes infrastructure-as-code for misconfigurations.
Leverages
Checkov
Containers
Container image scanning
Scans your container OS for packages with security issues.
Leverages
Syft
Grype
AWS Inspector
Custom Scanner
Domain
Surface monitoring (DAST)
Dynamically tests your web app’s front-end to find vulnerabilities through simulated attacks. Built on ZAP & Nuclei.
Leverages
ZAP
Nuclei
Custom Rules
Code & Containers
Open source license scanning
Monitors your licenses for risks such as dual licensing, restrictive terms, bad reputation, etc..
Leverages
Syft
Grype
Custom Rules
Code
Malware detection in dependencies
Prevents malicious packages from infiltrating your software supply chain. Powered by Phylum.
Leverages
Phylum
Code & Containers
Outdated Software
Checks if any frameworks & runtimes you are using are no longer maintained.
Leverages
endoflife.date
Custom
Connect your own scanner
Imports and auto-triages findings from your current scanner stack.
Import from
GitHub Advanced Security
SonarQube
FAQ
More to explore
Is Aikido's software pentested?
Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure the security of Zen is continuously tested by a wide range of security experts.
Can I also generate an SBOM?
You can create a CycloneDX SBOM or csv export with one click. Just go to the Licenses & SBOM report where you'll get a full overview of all the packages & licenses you're using.
What do you do with my source code?
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
Do I need to give access to my repos to test out the product?
When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.
I don’t want to connect my repository. Can I try it with a test account?
Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!
Does Aikido make changes to my codebase?
We can’t & won’t, this is guaranteed by read-only access.
More to explore
Trusted by development teams around the world
.svg){kind=icon}
Get started for free
No credit card required.
