Review
“Aikido makes your security one of your USPs thanks to their integrated automated reporting solution, which helps for ISO & SOC2 certification”
Fabrice G
Managing director at Kadonation
License Risk
Importance of License Risk
Get a full overview of the licenses you’re using & the risk associated with them.
Export a CycloneDX SBOM with one click, or just use CSV.
Features
Security audits typically require providing an SBOM. Aikido makes it easy to analyze this list in advance & generate it whenever required. You're able to create an SBOM of containers as well.
Aikido allows you to easily analyze and adapt the license risk scoring. On top of that, you can mark licenses as internal, to filter them out of the list.
One security platform, covering you from code to cloud.
Cloud
Detects cloud infrastructure risks across major cloud providers.
Code & Containers
Continuously monitors your code for known vulnerabilities, CVEs and other risks.
Code
Checks your code for leaked and exposed API keys, passwords, certificates, encryption keys, etc...
Code
Scans your source code for security risks before an issue can be merged.
Code
Scans Terraform, CloudFormation & Kubernetes infrastructure-as-code for misconfigurations.
Containers
Scans your container OS for packages with security issues.
Domain
Dynamically tests your web app’s front-end to find vulnerabilities through simulated attacks. Built on ZAP & Nuclei.
Code & Containers
Monitors your licenses for risks such as dual licensing, restrictive terms, bad reputation, etc..
Code
Prevents malicious packages from infiltrating your software supply chain. Powered by Phylum.
Code & Containers
Checks if any frameworks & runtimes you are using are no longer maintained.
Custom
Imports and auto-triages findings from your current scanner stack.
Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure the security of Zen is continuously tested by a wide range of security experts.
You can create a CycloneDX SBOM or csv export with one click. Just go to the Licenses & SBOM report where you'll get a full overview of all the packages & licenses you're using.
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.
Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!
We can’t & won’t, this is guaranteed by read-only access.
Trusted by development teams around the world
Review
Fabrice G
Managing director at Kadonation