Review
“Aikido makes your security one of your USPs thanks to their integrated automated reporting solution, which helps for ISO & SOC2 certification”
Fabrice G, Managing director at Kadonation
Software Composition Analysis (SCA)
Detects vulnerabilities, malware, end-of-life runtimes & OSS licenses.
Scanners under the hood
Trivy
Syft
Grype
Custom Rules
Built for
GitHub
Bitbucket
GitLab
Azure DevOps
GitLab Self-Managed
Local Scanning
Importance of SCA
Open source tools don't always support every language. Aikido combines multiple scanners to close those gaps. (For example, Aikido supports .csproj files out of the box.)
Open source projects tend to be hard to set up and keep running flawlessly. Aikido fixes any issues and keeps your scans going. On top of that, you can easily see if you're missing lockfiles.
Features
Aikido checks whether your code actually calls the vulnerable function. If it doesn't, the finding is a false positive and is triaged automatically.
When Aikido finds a vulnerability, it reports it as a single issue, unlike scanners that flood you with a separate issue every time the affected function appears.
Aikido's auto-ignore rules filter out false positives. On top of that, you can feed Aikido information that automatically adapts severity scores (which environments are staging or production, and which resources you consider critical).
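The two ideas above, reachability-based triage and grouping every call site of one vulnerability into a single finding, can be shown in a few lines. The block below is an added illustration written for this page, not Aikido's code: the advisory format, the package name examplelib, the vulnerability ids and the source files are all constructed. It resolves Python import aliases so that `import pkg as x; x.func(...)` and `from pkg import func as f; f(...)` both count as reachable calls, skips commented-out lines, and emits one Finding per advisory that lists every call site.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Advisory:
    """Constructed advisory shape: which functions of a package are affected."""
    package: str
    vuln_id: str
    affected_functions: list


@dataclass
class Finding:
    vuln_id: str
    package: str
    status: str                      # "open" or "false_positive_unreachable"
    call_sites: list = field(default_factory=list)


def call_sites(source: str, package: str, func: str) -> list:
    """Line numbers in one Python file where package.func is called.

    Handles `import pkg [as a]` followed by `a.func(` and
    `from pkg import func [as a]` followed by `a(`. Comment lines are ignored.
    """
    qualifiers, bare = set(), set()
    for m in re.finditer(rf"^\s*import\s+{re.escape(package)}(?:\s+as\s+(\w+))?\s*$",
                         source, re.M):
        qualifiers.add(m.group(1) or package)
    for m in re.finditer(rf"^\s*from\s+{re.escape(package)}\s+import\s+(.+)$", source, re.M):
        for item in m.group(1).split(","):
            parts = item.strip().split()
            if parts and parts[0] == func:
                bare.add(parts[2] if len(parts) == 3 and parts[1] == "as" else func)
    patterns = [rf"\b{re.escape(q)}\.{re.escape(func)}\s*\(" for q in qualifiers]
    patterns += [rf"(?<![\w.]){re.escape(b)}\s*\(" for b in bare]
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if any(re.search(p, line) for p in patterns):
            hits.append(n)
    return hits


def triage(advisory: Advisory, sources: dict) -> Finding:
    """One finding per advisory; unreachable vulnerable functions are auto-triaged."""
    sites = []
    for path, src in sources.items():
        for func in advisory.affected_functions:
            for ln in call_sites(src, advisory.package, func):
                sites.append(f"{path}:{ln} {func}")
    status = "open" if sites else "false_positive_unreachable"
    return Finding(advisory.vuln_id, advisory.package, status, sites)


# Constructed sample repository (three files) and two constructed advisories.
SOURCES = {
    "app.py": (
        "import examplelib\n\n"
        "def parse(data):\n"
        "    return examplelib.unsafe_load(data)\n\n"
        "def parse_safe(data):\n"
        "    return examplelib.safe_load(data)\n\n"
        "def parse_again(data):\n"
        "    return examplelib.unsafe_load(data)\n"
    ),
    "worker.py": (
        "from examplelib import unsafe_load as load, safe_load\n\n"
        "def run(payload):\n"
        "    return load(payload)\n"
    ),
    "util.py": (
        "import examplelib as ex\n\n"
        "def parse(data):\n"
        "    # ex.unsafe_load(data)  -- commented out, must not count\n"
        "    return ex.safe_load(data)\n"
    ),
}
ADVISORIES = [
    Advisory("examplelib", "EXAMPLE-0001", ["unsafe_load"]),
    Advisory("examplelib", "EXAMPLE-0002", ["legacy_render"]),
]


def triage_all(advisories: list, sources: dict) -> list:
    return [triage(a, sources) for a in advisories]


if __name__ == "__main__":
    for f in triage_all(ADVISORIES, SOURCES):
        print(f.vuln_id, f.status, f.call_sites)
```

Running it yields one open finding for EXAMPLE-0001 with three call sites (two in app.py, one via the alias in worker.py) and one auto-triaged finding for EXAMPLE-0002, whose affected function is never called.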
No need to do CVE research. Aikido gives you the TL;DR, tells you how you're affected & how you can most easily remediate security issues or even auto-fix them.
Built on reliable open source security scanners, all combined in one platform. Enhanced with our own code to cover any scanning gaps.
Cloud
Detects cloud infrastructure risks across major cloud providers.
CloudSploit
AWS Inspector
Custom Rules Engine
Code & Containers
Continuously monitors your code for known vulnerabilities, CVEs and other risks.
Trivy
Syft
Grype
Custom Rules Engine
Code
Checks your code for leaked and exposed API keys, passwords, certificates, encryption keys, etc.
Gitleaks
Code
Scans your source code for security risks before an issue can be merged.
Bandit
Semgrep
Gosec
Brakeman
Custom Rules
Code
Scans Terraform, CloudFormation & Kubernetes infrastructure-as-code for misconfigurations.
Checkov
Containers
Scans your container OS for packages with security issues.
Syft
Grype
AWS Inspector
Custom Scanner
Domain
Dynamically tests your web app’s front-end to find vulnerabilities through simulated attacks. Built on ZAP & Nuclei.
ZAP
Nuclei
Custom Rules
Code & Containers
Monitors your licenses for risks such as dual licensing, restrictive terms, bad reputation, etc.
Syft
Grype
Custom Rules
Code
Prevents malicious packages from infiltrating your software supply chain. Powered by Phylum.
Phylum
Code & Containers
Checks if any frameworks & runtimes you are using are no longer maintained.
endoflife.date
Custom
Imports and auto-triages findings from your current scanner stack.
GitHub Advanced Security
SonarQube
Aikido does not store your code after analysis has taken place. Some analysis jobs, such as SAST or secrets detection, require a git clone operation. More detailed information can be found on docs.aikido.dev.
When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.
Of course! When you sign up with your git provider, just don't give access to any repo and select the demo repo instead.
We can't and won't; this is guaranteed by read-only access.
Trusted by teams at over 1,000 of the world’s leading organizations