Review
“The license scanning has saved me a lot of headaches, letting me know if there are any hidden dangers in the licenses I'm using.”
Jonathan V
Software Engineer at XEOS
Software Bill of Materials
Generate your SBOM
Strengthen security by tracking components, identifying vulnerabilities, and ensuring compliance.
- Get a full overview of the licenses you’re using
- Detect license risk through license scanning
- Export SBOMs in CycloneDX, SPDX or CSV
Your data won't be shared · Read-only access · No CC required
.png)
How it works
1. Connect your repositories
Connect your git and give access to the repositories you'd like to analyse.
2. Triage Licenses
Get a full overview of the licenses you’re using & the risk associated with them. Analyse the risk level.
3. Export SBOM
Export a CycloneDX, SPDX or CSV SBOM with one click.
Features
License scanning & SBOM creation
Create SBOMs
Security audits typically require providing an SBOM. Aikido makes it easy to analyze this list in advance & generate it whenever required. Export in CycloneDX, SPDX or CSV.
Adjust & triage license risk
Aikido scans licenses. You can analyze and adapt the license risk scoring model to create accurate reporting. Mark licenses as "internal" to filter them out of the list.
Scans Containers
Many SBOM scanners will only scan for licenses inside of your repos. Aikido gives you fill coverage by scanning your containers too.
Aikido's other scanners
Built on reliable open source security scanners, all combined in one platform. Enhanced with our own code to cover any scanning gaps.
Code & Containers
Open source dependency scanning (SCA)
Continuously monitors your code for known vulnerabilities, CVEs and other risks.
Code
Static code analysis (SAST)
Scans your source code for security risks before an issue can be merged.
Leverages
Semgrep
Gosec
Custom Rules
Domain
Surface monitoring (DAST)
Dynamically tests your web app’s front-end to find vulnerabilities through simulated attacks. Built on ZAP & Nuclei.
Cloud
Cloud posture management (CSPM)
Detects cloud infrastructure risks across major cloud providers.
Code
Secret Detection
Checks your code for leaked and exposed API keys, passwords, certificates, encryption keys, etc...
Code & Containers
Open source license scanning
Monitors your licenses for risks such as dual licensing, restrictive terms, bad reputation, etc..
Code
Malware detection in dependencies
Prevents malicious packages from infiltrating your software supply chain. Powered by Phylum.
Code
Infrastructure as code
Scans Terraform, CloudFormation & Kubernetes infrastructure-as-code for misconfigurations.
Code & Containers
Outdated Software
Checks if any frameworks & runtimes you are using are no longer maintained.
Containers
Container image scanning
Scans your container OS for packages with security issues.
Custom
Connect your own scanner
Imports and auto-triages findings from your current scanner stack.
Trusted by development teams around the world
.svg){kind=icon}
FAQ
More to explore
Is Aikido's software pentested?
Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure the security of Zen is continuously tested by a wide range of security experts.
Can I also generate an SBOM?
You can create a CycloneDX SBOM or csv export with one click. Just go to the Licenses & SBOM report where you'll get a full overview of all the packages & licenses you're using.
What do you do with my source code?
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
Do I need to give access to my repos to test out the product?
When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.
I don’t want to connect my repository. Can I try it with a test account?
Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!
Does Aikido make changes to my codebase?
We can’t & won’t, this is guaranteed by read-only access.
More to explore
Get started for free
No credit card required.
