Container image

Container image scanning

Scan your container operating system for packages with security issues.

  • Checks if your containers have any vulnerabilities (Like CVEs)
  • Auto-triaging to filter out false positives
  • Highlights vulnerabilities based on container data sensitivity.
Trusted by 25k+ orgs | See results in 30sec.
Dashboard with autofixes tab

“We had experience with other tools, but we wanted to revisit the market and see what the state of play was. Aikido quickly stood out as a top choice.”

"We actually consider Aikido a bit of a learning platform for our developers, because the issues come with very clear explanations.”

Security is no longer an afterthought. With Aikido, we’re integrating it directly into our DevOps pipeline to ensure it’s a seamless part of our workflow.

Container registries covered

Docker

GCP

Azure

AWS

GitLab

Digital Ocean

Red Hat

JFrog

Scaleway

Cloudsmith

Aikido

GitHub

Harbor

Importance of Container Image Scanning

Why should you do container image scanning?

down arrow

Container images are a risk as they can be exposed to the web. (think of OpenSSL, nginx,...)

Vanta

Secure Dependencies in Containers

Find and fix vulnerabilities in open source dependencies used in base images and Dockerfile commands.

funnel symbol

End-of-life Runtimes

Protect your application from outdated runtimes that could be vulnerable. Outdated runtimes are typically a forgotten issue, but could pose big security risks.

Features

Container Scanning Features

1

Find issues that matter

Detect vulnerabilities such as dependencies, outdated software, malware & licenses in base image dependencies, Dockerfile commands, and Kubernetes workloads.

Aikido dashboard
Aikido dashboard
2

Automated triaging

3

Autofix container images

Fix your container images in just a few clicks, saving your developers hours of work. Aikido indicates how many issues will be fixed & even if new issues would be introduced.

Aikido dashboard
Aikido dashboard
4

End-of-life Runtimes

Protect your application from outdated runtimes that could be vulnerable. (For example nginx, OpenSSL,...) Outdated runtimes are typically a forgotten issue, but could pose big security risks.

5

Beyond standard databases

Aikido checks the standard databases—NVD and GitHub Advisory Database (GHSA)—but goes further. Aikido Intel is uncovering undisclosed or new vulnerabilities without CVEs, we provide the broadest and most proactive security coverage.

Aikido's other scanners

One security platform, covering you from code to cloud.

Code & Containers

Open source dependency scanning (SCA)

Continuously monitors your code for known vulnerabilities, CVEs and other risks.

Code

Static code analysis (SAST)

Scans your source code for security risks before an issue can be merged.

Domain

Surface monitoring (DAST)

Dynamically tests your web app’s front-end to find vulnerabilities through simulated attacks.

Cloud

Cloud posture management (CSPM)

Detects cloud infrastructure risks across major cloud providers.

Code

Secret Detection

Checks your code for leaked and exposed API keys, passwords, certificates, encryption keys, etc...

Code & Containers

Open source license scanning

Monitors your licenses for risks such as dual licensing, restrictive terms, bad reputation, etc..

Code

Malware detection in dependencies

Prevents malicious packages from infiltrating your software supply chain.

Code

Infrastructure as code

Scans Terraform, CloudFormation & Kubernetes infrastructure-as-code for misconfigurations.

Code & Containers

Outdated Software

Checks if any frameworks & runtimes you are using are no longer maintained.

Containers

Container image scanning

Scans your container OS for packages with security issues.

Custom

Connect your own scanner

Imports and auto-triages findings from your current scanner stack.

Aikido dashboard Aikido dashboard alert

Is Aikido's software pentested?

Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure our security is continuously tested by a wide range of experts.

Can I also generate an SBOM?

You can create a CycloneDX SBOM or csv export with one click. Just go to the Licenses & SBOM report where you'll get a full overview of all the packages & licenses you're using.

What do you do with my source code?

Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.

Do I need to give access to my repos to test out the product?

When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.

I don’t want to connect my repository. Can I try it with a test account?

Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!

Does Aikido make changes to my codebase?

We can’t & won’t, this is guaranteed by read-only access.

Review

“If you're struggling to buy just one vulnerability scanning tool at an affordable price that checks the most boxes - this is the one I'd buy”

James Berthoty

Cyber Security Expert at latio.tech

Get started for free
No credit card required.
Aikido dashboardAuto Triggered Issues