Aikido

How HeyJobs eliminated security tool sprawl with Aikido

Migrated from - Open source tools,

  • 95 Repos
  • 31 Container registries
  • 9 Cloud environments
  • 1 Unified security view

At a glance

  • Consolidated multiple security tools into one unified AppSec and Cloud Security platform
  • Integrated across 95 repositories, 31 container registries, and 9 cloud environments
  • Supports developers working across Ruby, Python, and containerized services
  • Strengthens software supply chain security and dependency visibility
  • Replaced scattered security tooling, including Dependabot and Detectify

Challenge

As HeyJobs, the company behind the growing recruitment platform, scaled its engineering organization, security tooling began to grow organically alongside it. Different teams relied on different systems for monitoring dependencies, scanning code, or generating security alerts. While these tools each addressed parts of the problem, they created a fragmented security workflow that was increasingly difficult to manage.

Security insights were spread across multiple platforms, each producing its own alerts and dashboards. Engineers had to move between systems to understand risks, correlate issues, and decide what needed attention. This slowed down vulnerability triage and made it harder to maintain a consistent overview of the company’s security posture.

Boris Diebold, CTO at HeyJobs, describes how the environment looked before adopting Aikido:

“We had all kinds of different scattered tools; we used Dependabot, a separate tool for security alerts, and some in-house tools.”

Over time, the sprawl of tools introduced additional complexity and overhead. Each product required its own configuration, workflows, and alert management, making it harder for teams to stay focused on the most important security issues.

As Boris explains:

“It's always hard to manage the sprawl, with all of these different tools.”

Aikido’s 2026 State of AI in Security & Development report found that security tool sprawl correlates with more incidents. 

HeyJobs began looking for a way to simplify how vulnerabilities were surfaced and managed, while still maintaining strong security coverage across their systems.

Solution: A platform built to provide context

During their evaluation process, the HeyJobs team explored several application security tools, including Snyk. Many solutions focused heavily on specific areas of security, such as dependency scanning or infrastructure analysis. While these tools offered strong capabilities within individual domains, adopting them often meant adding yet another product to the existing security stack.

For HeyJobs, the goal was not simply introducing another scanner but improving how security insights were delivered to engineers and leadership. The team wanted a platform that could consolidate vulnerability signals from across the development stack and present them in a way that made it easier for teams to act on them.

As Boris explains:

“We wanted to have all signals into one platform, so we wouldn’t need another 10 different tools and another tool on top to manage the signals.”

Aikido stood out because it brought these signals together into a single environment. Instead of managing multiple dashboards and alerting systems, the engineering organization could view risks across code, containers, and infrastructure from one interface. This made it significantly easier to understand which issues required attention and how they should be addressed.

The consolidated view also gave leadership a clearer overview of the organization’s security posture. Reports and metrics provided a high-level perspective on vulnerabilities while still allowing engineers to dive into the technical details needed to resolve them.

Aikido provides a unified view for developer and security teams

Implementation

HeyJobs initially introduced Aikido by connecting a small number of repositories as a proof of concept. The goal was to evaluate how well the platform could surface security insights and integrate with existing engineering workflows.

The value of the platform became clear quickly.

“That's basically how we started off initially. We had a very good run, I would say, initially connecting a few repos for a trial period, seeing immediate benefits,” said Boris.

Following the successful evaluation, HeyJobs gradually expanded the rollout across the engineering organization. Today the platform monitors 95 repositories, 31 container registries and nine connected cloud environments, while also tracking multiple domains and APIs. It integrates directly with the company’s GitHub environment and feeds alerts into operational tools such as PagerDuty so that critical issues can be surfaced quickly.

Aikido’s remediation capabilities also played an important role in adoption. 

Rodrigo Oliveira, Team Lead for Cloud Infrastructure and Security, highlights the impact of this capability:

“In particular, the platform’s AutoFix functionality allows certain vulnerabilities to be resolved automatically or with minimal manual effort from developers.”

By combining detection, prioritization, and remediation guidance within the same platform, Aikido enabled HeyJobs to move from scattered alerts to a clearer and more actionable security workflow.

Why HeyJobs chose Aikido

HeyJobs selected Aikido because it:

  • Consolidates multiple security signals into one unified platform
  • Provides broad coverage across code, containers, and cloud infrastructure
  • Delivers clear vulnerability prioritization and remediation guidance
  • Includes AutoFix capabilities that reduce manual developer effort
  • Helps manage software supply chain risks and dependency vulnerabilities
  • Offers an intuitive developer experience that drives adoption

Results

Reduced attack surface

One of the most important outcomes of implementing Aikido has been a reduction in the potential impact of vulnerabilities across HeyJobs’ systems. Continuous monitoring across repositories, containers, and cloud configurations enables issues to be identified earlier and addressed before they spread across services or environments.

Rodrigo Oliveira describes the improvement in practical terms:

“I would say that the blast radius impact that our applications have right now is significantly smaller.”

Earlier visibility allows teams to respond faster when vulnerabilities appear and reduces the likelihood that security weaknesses remain unnoticed for long periods of time. This proactive approach has helped the company strengthen its overall security posture while maintaining development velocity.

Increased developer awareness

Another important outcome has been increased security awareness among developers. By presenting vulnerabilities with clear explanations and remediation guidance, Aikido helps engineers understand the impact of security issues and how they should be addressed. This visibility gradually changes how teams approach development decisions. Over time, developers become more aware of common risks in areas such as container configurations, dependency versions and infrastructure setups.

Rodrigo Oliveira illustrates this with a practical example from everyday development work:

“Now it's clear to all that perhaps a Docker image with root access wouldn't be a great thing.”

Insights like these encourage engineers to adopt safer defaults and improve security practices across the organization without introducing friction into development workflows.

Clear vulnerability prioritization

Many security tools generate large volumes of alerts without clearly explaining their impact or how they should be fixed. This often forces engineers to spend time investigating issues before they can determine whether they are truly important. Aikido addresses this challenge by providing additional context around vulnerabilities, including their severity, potential impact, and recommended remediation steps. This allows developers to quickly understand which issues require attention and how they should be addressed.

Rodrigo Oliveira explains the difference this makes:

“Some tools lack information on how to fix a vulnerability and the potential impact, but with Aikido we know what to expect.”

With clearer prioritization and remediation guidance, HeyJobs engineers are able to focus their efforts on the vulnerabilities that matter most.

Stronger supply chain security

For the HeyJobs leadership team, software supply chain security remains one of the most critical areas of concern. Modern applications rely heavily on open-source dependencies, and vulnerabilities within those dependencies can quickly affect multiple services. Aikido provides deeper visibility into these risks by analyzing dependency trees and identifying vulnerabilities across both direct and transitive dependencies. This allows the team to quickly determine whether newly disclosed vulnerabilities affect their systems and how urgent remediation may be.

Boris summarizes the importance of this capability:

“I think one of the key issues that makes it difficult to sleep at night are supply chain management attacks.”

With improved visibility into dependency vulnerabilities and supply chain risks, the team now has greater confidence that these threats can be detected and addressed quickly.

Aikido's reachability analysis identifies vulnerabilities across direct and transitive dependencies

How HeyJobs is expanding its use of Aikido

Already using

  • Aikido Code (SAST, SCA, supply chain vulnerability detection, more)
  • Aikido Cloud (CSPM, Container security scanning, more)
  • AutoFix remediation capabilities

Evaluating next

Security metrics that drive improvement

Aikido also provides HeyJobs with meaningful security metrics that help track improvements across the engineering organization. These insights allow leadership teams to monitor how vulnerabilities evolve over time and measure progress against internal security goals.

Security metrics generated by the platform are reviewed regularly and used to evaluate how effectively teams are addressing vulnerabilities across their services. This data-driven approach helps the organization treat security as a measurable engineering discipline rather than an abstract objective.

Final verdict

For HeyJobs, Aikido has become a central component of its security strategy. By bringing vulnerability insights into a single platform, the company has gained clearer visibility into security risks while reducing the operational overhead associated with managing multiple tools.

Developers benefit from clearer remediation guidance and automation features such as AutoFix, while leadership gains a comprehensive view of the organization’s security posture. This combination allows HeyJobs to scale its engineering organization while maintaining a proactive and well-managed security program.
