Aikido
Start for Free
No CC required

Welcome to our blog.

Featured
Complying with the Cyber Resilience Act (CRA) using Aikido Security
We Got Lucky: The Supply Chain Disaster That Almost Happened
Top AI Coding Tools
Top AI Coding Assistants
Top AI Code Generators
duckdb npm packages compromised
npm debug and chalk packages compromised
Quantum Incident Response
Aikido for Students and Educators
Free hands-on security labs for your students
Without a Dependency Graph Across Code, Containers, and Cloud, You’re Blind to Real Vulnerabilities
Top Vibe Coding Tools
Popular nx packages compromised on npm
Vulnerability Management Tools 101: Best Platforms for DevSecOps Teams
Top Secret Scanning Tools
Continuous Pentesting in CI/CD
Using Generative AI for Pentesting: What It Can (and Can’t) Do
Manual vs. Automated Pentesting: When Do You Need AI?
Best Pentesting Tools
Best AI Pentesting Tools
Common Code Review Mistakes (and How to Avoid Them)
Continuous Code Quality in CI/CD Pipelines
Using AI for Code Review: What It Can (and Can’t) Do Today
Manual vs. Automated Code Review: When to Use Each
Code Quality: What Is It and Why It Matters
AI Code Review & Automated Code Review: The Complete Guide
Best AI Code Review Tools
WTF is Vibe Coding Security? Risks, Examples, and How to Stay Safe
AutoTriage Integration in IDE
Trag is now part of Aikido: Secure code at AI speed
Using Reasoning Models in AutoTriage
Why Securing Bazel Builds is So Hard (And How to Make It Easier)
Security-Conscious AI Software Development with Windsurf x Aikido
What Is AI Penetration Testing? A Guide to Autonomous Security Testing
How to Improve Code Quality: Tips for Cleaner Code
Code Review Best Practices: Make Good CRs Better
The Top 6 Best AI Tools for Coding in 2025
6 Pull Request Best Practices for Developers
The Best Code Quality Tools for 2025
The Best 6 Code Analysis Tools of 2025
The Top 8 Best Code Review Tools of 2025
Top 7 Graphite.dev alternatives for AI code review
Top 6 CodeRabbit Alternatives for AI Code Review
The Top 6 Best Static Code Analysis Tools of 2025
Introducing Safe Chain: Stopping Malicious npm Packages Before They Wreck Your Project
Veracode vs Checkmarx vs Fortify
Snyk Vs Mend
Sonarqube Vs Semgrep
Snyk Vs Semgrep
Sonarqube Vs Codacy
Snyk Vs Wiz
Checkmarx Vs Black duck
Snyk Vs Black Duck
Sonarqube Vs Github Advanced Security
Snyk Vs Veracode
Snyk vs Checkmarx: A Technical Leader’s Guide to Code Security Tools
Snyk Vs Github Advanced Security
Snyk Vs Trivy
Sonarqube Vs Coverity
SonarQube vs Fortify: The AppSec Showdown (and a Better Alternative)
Sonarqube Vs Veracode
Sonarqube Vs Sonarcloud
Snyk Vs Sonarqube
Sonarqube Vs Checkmarx
Harden Your Containers with Aikido x Root
Securing Legacy Dependencies with Aikido and TuxCare
10 Common Web Application Security Threats
Best Tools to Scan Open Source Dependencies in 2025
Top Virtual Machine Security Tools in 2025
Top Cloud Security Tools for Modern Teams
Top Surface Monitoring Tools in 2025
Top Automated Pentesting Tools Every DevSecOps Team Should Know
Secure Code in Your IDE, Now Free.
Seamless API Security with Postman x Aikido
The 'no nonsense' list of security acronyms
A deeper look into the threat actor behind the react-native-aria attack
Malicious crypto-theft package targets Web3 developers in North Korean operation
Active NPM Attack Escalates: 16 React Native Packages for GlueStack Backdoored Overnight
Zero day attack prevention for NodeJS with Aikido Zen
Introducing Aikido AI Cloud Search
Top Devsecops Tools in 2025
Top Web Application Security Tools
Top Continuous Security Monitoring Tools
Top Cloud-Native Application Protection Platforms (CNAPP)
Top Tools to Detect Malware in dependencies
Top Open Source License Scanners
Top API Scanners in 2025
Top Software Supply Chain Security Tools
Top Infrastructure as a Code (IaC) Scanners
Top AppSec Tools in 2025
Top Code Vulnerability Scanners in 2025
Top Container Scanning Tools in 2025
Understanding SBOM Standards: A Look at CycloneDX, SPDX, and SWID
Reducing Cybersecurity Debt with AI Autotriage
Vibe Check: The vibe coder’s security checklist
Top Ox Security Alternatives for ASPM and Supply Chain Risk
Looking for an Endor Labs Alternative? These Tools Do It Better
Top Checkmarx Alternatives for SAST and Application Security
Top DevSecOps Tools to Replace GitLab Ultimate’s Security Features
Top GitHub Advanced Security Alternatives for DevSecOps Teams
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
September 12, 2025
Vulnerabilities & Threats

We Got Lucky: The Supply Chain Disaster That Almost Happened

Eighteen widely used open source packages were compromised, downloaded billions of times and embedded across nearly every cloud environment. The community dodged a bullet. But this close call shows just how fragile our software supply chain really is.

#Malware

September 8, 2025
Vulnerabilities & Threats

npm debug and chalk packages compromised

The popular packages debug and chalk on npm have been compromised with malicious code

#Malware

September 5, 2025
Vulnerabilities & Threats

Without a Dependency Graph Across Code, Containers, and Cloud, You’re Blind to Real Vulnerabilities

Stop drowning in CVEs. Without a dependency graph across code, containers, and cloud, you’ll miss real vulnerabilities and chase false positives

#Dependencies

#SAST

#SCA

Subscribe to our changelog.
No spam, guaranteed.

Customer Stories

See how teams like yours are using Aikido to simplify security and ship with confidence.

See all

Compliance

Stay ahead of audits with clear, dev-friendly guidance on SOC 2, ISO standards, GDPR, NIS, and more.

See all

Guides & Best Practices

Actionable tips, security workflows, and how-to guides to help you ship safer code faster.

See all

DevSec Tools & Comparisons

Deep dives and side-by-sides of the top tools in the AppSec and DevSecOps landscape.

See all

Vulnerabilities & Threats

Cut through the noise with real-world CVE breakdowns, malware analysis, exploits, and emerging risks.

See all

Product & Company Updates

What’s new at Aikido—from product launches to big security wins.

See all
Cyber Resilience Act
Triaging
AutoTriage
Pentesting
Bazel
Code Quality
OWASP
NIS2
Legaltech
fintech
RASP
End of Life
SQL Injections
DAST
cnapp
cspm
aspm
Infrastructure as a Code IaC
Network Security Monitoring
License Scanners
SBOM
Container Scanning
AppSec
Vulnerabilities
Software Supply Chain Security
API
Dependencies
Continuous Security Monitoring
DevSecOps
Vibe Coding
AI
NPM
autofix
Malware
Article
open-source
SCA
intel
SOC 2
usecase
Tools
SAST
Compliance
CircleCI
Codeship
IMDSv2
Cloud
IMDSv1
SSRF
AWS
November 9, 2024
Guides & Best Practices

Continuous Code Quality in CI/CD Pipelines

Learn how to embed continuous code quality checks into CI/CD pipelines for secure and scalable software.

Tags/

#Continuous Security Monitoring

#Code Quality

November 8, 2024
Vulnerabilities & Threats

The State of SQL Injection

SQL injection also known as SQLi is one of the longest standing vulnerabilities still prominant today. This report reviews the trend of SQLi for 2024

Tags/

#Vulnerabilities

#SQL Injections

November 6, 2024
Customer Stories

Visma’s Security Boost with Aikido: A Conversation with Nikolai Brogaard

Explore how Visma enhances its security stance with Aikido's advanced features. Learn about the benefits of comprehensive risk management, ease of onboarding, and proactive support in an insightful discussion with Nikolai Brogaard.

Tags/

#usecase

October 10, 2024
Customer Stories

Security in FinTech: Q&A with Dan Kindler, co-founder & CTO of Bound

We sat down with Dan Kindler, co-founder of Bound, a FinTech company that minimizes currency risk and loss, to learn how they’re dealing with security.

Tags/

#usecase

#fintech

September 11, 2024
Product & Company Updates

Automate compliance with SprintoGRC x Aikido

Discover how SprintoGRC and Aikido can automate your compliance, ensuring fast and efficient process for standards like SOC 2 and ISO 27001 while minimizing developer workload. Use Aikigo to automate technical vulnerability management. Get continuous monitoring, automated workflows, and seamless integrations that let you focus on building your business.

Tags/

#Compliance

#SOC 2

September 10, 2024
Guides & Best Practices

Manual vs. Automated Code Review: When to Use Each

Compare manual vs automated code review, their strengths, and how to combine both for maximum impact.

Tags/

#AppSec

#Code Quality

September 2, 2024
Guides & Best Practices

SAST vs DAST: What you need to know.

Get an overview of SAST vs DAST, what they are, how to use them together, and why they matter for your application security.

Tags/

#SAST

#DAST

July 8, 2024
Product & Company Updates

Why we’re stoked to partner with Laravel

TL;DR Laravel helps PHP developers create their best work, now Aikido helps to secure it. Read all about becoming Laravel's preferred AppSec provider.

Tags/

#AppSec

June 27, 2024
Vulnerabilities & Threats

110,000 sites affected by the Polyfill supply chain attack

A critical supply chain attack has compromised over 110,000 websites via cdn.polyfill.io—remove it immedaitely to protect user data and app integrity.

Tags/

#Vulnerabilities

June 25, 2024
Guides & Best Practices

Cybersecurity Essentials for LegalTech Companies

ELTA, the European Legal Tech Association, gathered some of today's leading cybersecurity experts in a digital meeting room to share their expertise and insights on how to install a solid cybersecurity framework for LegalTech companies.

Tags/

#DevSecOps

#Legaltech

June 18, 2024
Product & Company Updates

Drata Integration - How to Automate Technical Vulnerability Management

Aikido and Drata integration automates technical vulnerability management. Prepare for SOC 2 and ISO 27001:2022. Reduce false positives and save money.

Tags/

#AppSec

#Vulnerabilities

June 11, 2024
Guides & Best Practices

DIY guide: ‘Build vs buy’ your OSS code scanning and app security toolkit

Yes, you can enhance your app security posture by patching together open-source code and container scanning tools—if you can handle the infrastructure.

Tags/

#Vulnerabilities

#open-source

#AppSec

Product & Company Updates
See all
See all
May 21, 2025
Product & Company Updates

Reducing Cybersecurity Debt with AI Autotriage

We dive into how AI can assist us in a meaningful way to triage vulnerabilities and get rid of our security debt.

May 12, 2025
Product & Company Updates

Container Security is Hard — Aikido Container AutoFix to Make it Easy

In this post, we’ll explore why updating base images is harder than it seems, walk through real examples, and show how you can automate safe, intelligent upgrades without breaking your app.

May 2, 2024
Product & Company Updates

We just raised our $17 million Series A

We've raised $17M to bring “no BS” security to devs. We’re happy to welcome Henri Tilloy from Singular.vc on board, who is again joined by Notion Capital and Connect Ventures. This round comes just 6 months after we raised $5.3M in seed funding. That’s fast.

Vulnerabilities & Threats
See all
See all
September 8, 2025
Vulnerabilities & Threats

npm debug and chalk packages compromised

The popular packages debug and chalk on npm have been compromised with malicious code

September 5, 2025
Vulnerabilities & Threats

Without a Dependency Graph Across Code, Containers, and Cloud, You’re Blind to Real Vulnerabilities

Stop drowning in CVEs. Without a dependency graph across code, containers, and cloud, you’ll miss real vulnerabilities and chase false positives

April 22, 2025
Vulnerabilities & Threats

XRP supply chain attack: Official NPM package infected with crypto stealing backdoor

The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.

DevSec Tools & Comparisons
See all
See all
May 30, 2025
DevSec Tools & Comparisons

Top Container Scanning Tools in 2025

Discover the best Container Scanning tools in 2025. Compare features, pros, cons, and integrations to choose the right solution for your DevSecOps pipeline.

May 9, 2025
DevSec Tools & Comparisons

Top SonarQube Alternatives in 2025

Explore top SonarQube alternatives for static code analysis, bug detection, and clean code in 2025.

May 1, 2025
DevSec Tools & Comparisons

Top Dynamic Application Security Testing (DAST) Tools in 2025

Discover the best Dynamic Application Security Testing (DAST) tools in 2025. Compare features, pros, cons, and integrations to choose the right DAST solution for your DevSecOps pipeline.

Guides & Best Practices
See all
See all
September 2, 2024
Guides & Best Practices

SAST vs DAST: What you need to know.

Get an overview of SAST vs DAST, what they are, how to use them together, and why they matter for your application security.

August 10, 2023
Guides & Best Practices

Aikido’s 2025 SaaS CTO Security Checklist

Don't be an easy target for hackers! Find out how to secure your SaaS company and keep your code and app 10x more secure. Over 40 vulnerabilities and tips.

July 11, 2023
Guides & Best Practices

How to build a secure admin panel for your SaaS app

Avoid common mistakes when building a SaaS admin panel. We outline some pitfalls and potential solutions specifically for SaaS builders!

Get secure for free

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.

Start for Free
No CC required
Book a demo
No credit card required |Scan results in 32secs.