Aikido

How Render embedded AppSec into daily engineering work

  • Migrated from: GitHub Advanced Security
  • 30 repos integrated
  • 0 repos needing manual setup
  • 3 core integrations
  • 1 unified platform

At a glance

  • Consolidated DAST and SAST into one platform
  • Integrated findings directly into Slack, Linear and Vanta
  • Established a weekly meeting to review and close findings
  • Reduced noise to a level the team could realistically manage
  • Aikido replaced Tenable for DAST and GitHub Advanced Security for SAST

Challenge

Render’s security team covers application security, cloud security and compliance across the organization. With around 50 developers working across roughly 30 active repositories, the team needs tooling that provides consistent coverage without creating constant maintenance work.

“We’re responsible for internal security: Application security, cloud security, compliance. A bit of everything,” said Sean Doughty, Engineering Manager of the Security Team at Render.

Before adopting Aikido, Render used Tenable for DAST and GitHub Advanced Security for SAST. Both tools were technically capable, but the friction showed up in how they fit into everyday engineering work. The setup lacked integration with Linear or Slack, which reduced visibility for engineers and made triage more difficult. The team had also found it hard to run scans across all of its repos. For a small team with broad responsibilities, that level of overhead became hard to sustain.

Rethinking consolidation

Render initially evaluated Aikido for DAST. The original goal was narrow: find a tool that integrated better with the systems engineering already used. 

“When I turned on DAST, I thought, let’s see what the SAST looks like too. It was a couple clicks to connect a repo,” Sean said.

That early experience shifted the conversation internally. Instead of viewing DAST and SAST as separate categories that required separate tools, the team began looking at the broader operational picture. Maintaining two platforms meant two workflows, two sources of truth and two systems to keep configured correctly across dozens of repositories. For a small team, that fragmentation added friction.

“With Aikido, it kind of just worked and it has continued to work for several months,” said Sean.

The reliability made consolidation feel less risky. Running both DAST and SAST in a single platform reduced the number of systems the team needed to manage and eliminated repository-level scan configuration. New repositories could be added without repeating setup steps or maintaining scanning logic in multiple places. Over time, Render moved both functions into Aikido.

What changed in practice

The most noticeable difference was how findings fit into daily workflow.

“I really think the integrations are probably the most important - It connects to Slack, Linear, Vanta.”

Slack and Linear are where engineering conversations happen and work is tracked. With Aikido integrated directly into those systems, findings appear in context rather than in a separate dashboard that requires active monitoring. From an operational perspective, this has changed how the team reviews and resolves issues. Alex Curtiss, security engineer at Render, manages much of the day-to-day Aikido usage and, as a result of the integrations, has moved the weekly review session focused on closing findings to an async approach. Because findings are already connected to Linear and Slack, follow-up happens within the same systems engineers use for product work. The weekly cadence works because the volume is manageable.

“There was a lot more volume previously. Aikido comes in at a pace that we can handle.”

That difference has made it realistic to maintain a steady review process rather than letting issues accumulate. Onboarding has also been simpler.

“This is a tool where we have our whole engineering team assigned. They can get in really easily when they join.”

Broad access makes it easier to distribute security responsibility across the organization.

Supporting customer conversations

Security at Render also involves responding to customer questions about scan coverage and controls. When customers request evidence, the team needs to provide it quickly.

“We’ve had a customer question about something and we’ve just gone in and created a security audit report. Checked a few of the boxes of the stuff they’re asking for and then shipped it over.”

With DAST, SAST and cloud findings visible in one place, generating those reports no longer requires pulling information from multiple tools.

Conclusion

Render’s decision to consolidate its security tooling was driven by operational realities. Running separate systems required manual setup, coordination and context switching that a small team could not sustain indefinitely.

“We had powerful software but having something connected to our other tools and that engineers actually use is much better.”

By consolidating DAST and SAST into one platform, integrating findings into Slack and Linear and establishing a weekly review cadence, Render made application security part of regular engineering work.
