Aikido

Manage Open-Source License Risk & SBOMs

Identify risky open-source licenses in your dependencies and generate SBOMs for compliance.

Your data won't be shared · Read-only access · No CC required

Trusted by 50k+ orgs · Loved by 100k+ devs · 4.7/5
Importance of License Risk

Why License Scanning Matters

Some open-source licenses, notably strong copyleft licenses, contain terms that can require you to release your own source code when you distribute software built on them. Make sure none of your dependencies carry a license whose obligations threaten your business's IP. Keeping a current inventory of dependencies and their licenses also means you can hand over an SBOM whenever a security audit asks for one.

Get an Overview on License Risk

Get a complete overview of all licenses in use and the risk associated with each.

Easily Export SBOMs

Export a CycloneDX or SPDX SBOM with one click (or a CSV list, if needed).

Features

License scanning features

Generate SBOMs instantly

Security audits often demand a full SBOM. Aikido lets you analyze, review, and export your software bill of materials at any time, in CycloneDX, SPDX, or CSV format, with built-in VEX (Vulnerability Exploitability eXchange) data so reviewers can see which listed vulnerabilities are actually exploitable in your context rather than merely present.

Actionable license insights

A raw list of every license in a dependency tree is mostly noise. Aikido scores each license's severity using an LLM-powered engine and multiple data sources, so the risky licenses rise to the top and you can act on them quickly, assign tasks, and clean up your SBOM as you go.
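To make the scoring idea in this section and the SBOM export above concrete, here is an added example of a minimal license-risk pass over a CycloneDX JSON SBOM. This is illustrative code written for this page, not Aikido's engine or database: the sample SBOM, the package names, the prefix-based risk tiers and the numeric scores are all constructed assumptions. It handles SPDX expressions (OR lets you pick the least risky branch, AND stacks obligations), components with no declared license, and an "internal" allowlist that drops packages from the report.

```python
import json
import re

# Constructed sample CycloneDX 1.4 SBOM. Package names and licenses are
# made up for illustration and are not real scan output.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "readline", "version": "8.2",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "ffmpeg", "version": "6.0",
         "licenses": [{"license": {"id": "LGPL-2.1-or-later"}}]},
        {"type": "library", "name": "mongo", "version": "7.0",
         "licenses": [{"expression": "SSPL-1.0 OR Apache-2.0"}]},
        {"type": "library", "name": "internal-utils", "version": "1.0.0",
         "licenses": [{"license": {"name": "Proprietary"}}]},
        {"type": "library", "name": "mystery", "version": "0.1"},
    ],
})

# Illustrative risk tiers keyed by SPDX identifier prefix (an assumption of
# this example; a real tool uses a vetted license database and legal review).
TIERS = {
    "strong-copyleft": ("GPL-", "AGPL-", "SSPL-"),
    "weak-copyleft": ("LGPL-", "MPL-", "EPL-", "CDDL-"),
    "permissive": ("MIT", "Apache-", "BSD-", "ISC", "0BSD", "Unlicense"),
}
# Unknown or undeclared licenses rank above weak copyleft: they need a human look.
SCORE = {"strong-copyleft": 3, "unknown": 2, "weak-copyleft": 1, "permissive": 0}


def tier_of(license_id):
    """Map one SPDX id (or free-text license name) to a risk tier."""
    for tier, prefixes in TIERS.items():
        if license_id.startswith(prefixes):
            return tier
    return "unknown"


def score_expression(expr):
    """Score a flat SPDX expression. AND binds tighter than OR, so split on OR
    first; OR lets the consumer choose the least risky branch (min), AND means
    every obligation applies (max). Parentheses are ignored (assumption)."""
    expr = expr.replace("(", "").replace(")", "")
    or_scores = []
    for branch in re.split(r"\s+OR\s+", expr):
        and_scores = []
        for term in re.split(r"\s+AND\s+", branch):
            base = term.split(" WITH ")[0].strip()  # drop exception clauses
            and_scores.append(SCORE[tier_of(base)])
        or_scores.append(max(and_scores))
    return min(or_scores)


def component_licenses(component):
    """Collect license ids/names/expressions declared on a CycloneDX component."""
    out = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            out.append(entry["expression"])
        elif "license" in entry:
            lic = entry["license"]
            out.append(lic.get("id") or lic.get("name", ""))
    return out


def assess_sbom(sbom_json, internal=()):
    """Return one finding per component, riskiest first. Components whose name
    is in `internal` are skipped, mirroring an 'internal' filter."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        if comp["name"] in internal:
            continue
        exprs = component_licenses(comp)
        if not exprs:
            score, label = SCORE["unknown"], "no license declared"
        else:
            # Several entries under `licenses` are treated conservatively as
            # all applying (assumption); use an `expression` for real choices.
            score = max(score_expression(e) for e in exprs)
            label = " AND ".join(exprs)
        findings.append({"name": comp["name"], "version": comp.get("version", ""),
                         "license": label, "score": score})
    findings.sort(key=lambda f: (-f["score"], f["name"]))
    return findings


if __name__ == "__main__":
    for f in assess_sbom(SAMPLE_SBOM, internal=("internal-utils",)):
        print(f"{f['score']}  {f['name']}@{f['version']}  {f['license']}")
```

With the internal allowlist applied, the GPL-licensed component sorts first, the component with no declared license second, and the SSPL-or-Apache dual license scores as permissive because you may choose the Apache branch. Which tier a given license belongs in, and whether your use actually triggers its obligations, is a legal question; the code only orders the review queue.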

Flexible license risk controls

Easily adjust how license risk is scored. You can mark certain licenses as “internal” to filter them out of your reports.

No legal jargon, just license facts

Aikido’s vetted license database translates complex legal jargon into plain, actionable language. Quickly understand each license’s obligations and risks.

Full license coverage, including containers

Most license tools only scan your repositories. Aikido gives you full coverage by scanning the licenses inside your container images as well.

Meet software compliance standards

Regulators are increasingly focused on software transparency. Aikido makes it easy to generate SBOMs (Software Bills of Materials) to meet key compliance requirements around software supply chain security.

Clear copyright attribution

Automatically includes accurate copyright info for every component—so legal teams can review, verify, and comply without digging through source files.

“Aikido makes your security one of your USPs thanks to their integrated automated reporting solution, which helps for ISO & SOC2 certification”

Fabrice G, Managing director at Kadonation

GEA switched from Sonarqube to Aikido
FAQ

FAQs about open source license security

Can I also generate an SBOM?

Yes - you can export a full SBOM in CycloneDX, SPDX, or CSV format with one click. Just open the Licenses & SBOM report to see all your packages and licenses.

Can I try Aikido without giving access to my own code?

Yes - you can connect a real repo (read-only access), or use our public demo project to explore the platform. All scans are read-only and Aikido never makes changes to your code. Fixes are proposed via pull requests you review and merge.

Does Aikido make changes to my codebase?

We can't and won't: this is guaranteed by read-only access.

What do you do with my source code?

Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.

I don’t want to connect my repository. Can I try it with a test account?

Of course. When you sign up with your git provider, don't grant access to any repository and select the demo repo instead.

Has Aikido itself been security tested?

Yes — we run yearly third-party pentests and maintain a continuous bug bounty program to catch issues early.

Secure your open source license risks

Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast, automatically.