Dependency issues are easiest to address when they show up directly in the development workflow. With this release, we’re bringing the full SCA workflow into the Aikido IDE extension, combining in-editor scanning with the ability to apply safe upgrades through AutoFix. Developers can detect vulnerable packages and resolve them without switching tools or breaking focus.
Our goal across product, engineering, and security remains the same: shorten the distance between identifying an issue and acting on it.
Why bring SCA into the IDE
From product and engineering discussions, the reasoning has been clear. Developers need to surface dependency issues earlier, resolve them without switching tools, reduce the noise that comes from late findings in CI, and keep the workflow as close to the code as possible. SCA has traditionally lived outside the development loop, with issues often discovered after the work has moved on. Bringing it into the IDE surfaces these issues in the right place at the right time and reduces the gap between identifying an outdated or vulnerable package and taking action, especially now that fixes can be applied in the same workflow through AutoFix.
How it works
- Aikido reads your dependency manifests and lockfiles to build an accurate list of packages and versions
- Results include known CVEs, severity, affected versions, and safe upgrade ranges
- After you run a manual SCA scan once, the extension watches your workspace for lockfile changes and refreshes the results automatically
To run a scan:
- Open the Aikido sidebar in VS Code
- Go to Open-source dependencies
- Click Start scanning
- Select a package to view details, advisories, and fix guidance
- Each finding shows the minimum safe version or version ranges that resolve the issue
- In supported ecosystems, AutoFix can update the manifest or apply the safe version bump directly from the IDE
This keeps detection and remediation in one place. Scan and fix now happen inside the editor instead of across multiple tools.
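
The lockfile-to-finding step described above, as an added example that is not Aikido's code and not from the original page: it reads an npm `package-lock.json`, matches every resolved copy of a package (nested ones included) against advisories, and computes the minimum safe version across all advisories for that package. The package names, advisory ids and ranges are constructed, and versions are assumed to be plain MAJOR.MINOR.PATCH.

```python
import json

# Constructed sample data (not real packages or advisories); ranges are [introduced, fixed).
LOCKFILE = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/alpha-http": {"version": "2.3.1"},
        "node_modules/beta-yaml": {"version": "1.4.0"},
        "node_modules/alpha-http/node_modules/beta-yaml": {"version": "0.9.2"},
    },
})
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "alpha-http", "severity": "high", "ranges": [("2.0.0", "2.3.4")]},
    {"id": "EXAMPLE-0002", "package": "alpha-http", "severity": "medium", "ranges": [("2.3.0", "2.4.0")]},
    {"id": "EXAMPLE-0003", "package": "beta-yaml", "severity": "critical", "ranges": [("0.0.0", "1.0.0")]},
]

def ver(s):
    """Parse plain MAJOR.MINOR.PATCH; pre-release tags are out of scope here."""
    return tuple(int(p) for p in s.split("."))

def installed_packages(lock_text):
    """Yield (name, version, lockfile path) for every resolved copy, nested ones included."""
    for path, meta in json.loads(lock_text)["packages"].items():
        if path:  # "" is the root project itself
            yield path.rsplit("node_modules/", 1)[-1], meta["version"], path

def affected(version, advisory):
    return any(ver(lo) <= ver(version) < ver(hi) for lo, hi in advisory["ranges"])

def scan(lock_text, advisories):
    findings = []
    for name, version, path in installed_packages(lock_text):
        relevant = [a for a in advisories if a["package"] == name]
        hits = [a for a in relevant if affected(version, a)]
        if not hits:
            continue
        # Candidate upgrades are the "fixed" bounds; keep the lowest one above the
        # installed version that no advisory for this package still covers.
        fixes = sorted({hi for a in relevant for _, hi in a["ranges"]}, key=ver)
        safe = next((f for f in fixes if ver(f) > ver(version)
                     and not any(affected(f, a) for a in relevant)), None)
        findings.append({"package": name, "installed": version, "path": path,
                         "advisories": [a["id"] for a in hits], "min_safe": safe})
    return findings

if __name__ == "__main__":
    print(json.dumps(scan(LOCKFILE, ADVISORIES), indent=2))
```

In the sample data, bumping `alpha-http` to 2.3.4 would clear the first advisory but not the second, so the reported minimum safe version is 2.4.0; the top-level `beta-yaml` is clean while the nested transitive copy is flagged.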

What this unlocks
With SCA available in the IDE, dependency checks become:
- earlier, before CI
- quicker, with no switching to separate tools
- clearer, with issues and fix guidance side by side
- actionable, with AutoFix in supported VS Code ecosystems
For engineering teams, this reduces dependency drift and the backlog of late fixes. For security teams, issues are discovered and resolved with less noise and fewer handoffs.
SCA everywhere developers work
Bringing the full SCA workflow into the IDE is part of a broader effort to surface essential checks where developers already write and ship code. The goal is to keep security signals fast, accurate, and close to the work. This now includes scanning dependencies and applying safe upgrades with AutoFix in the same place. We will continue expanding ecosystem coverage and improving the in-editor experience. The direction is simple: keep security close to the work and make it easier for teams to act on what they see.
Try SCA free in your IDE → https://help.aikido.dev/ide-plugins/features/open-source-dependency-scanning-sca-in-ide

