At a glance
- Unified application security and cloud security in one platform
- Secured 139 repositories, 246 containers, and 66 virtual machines
- Consolidated GitHub Advanced Security, dependency scanning, and cloud tooling into one system
- Reduced CI workflow maintenance across nearly 200 repositories
- Added visibility into cloud posture, IaC risks, and VM vulnerabilities
Challenge
SGNL AI builds identity and access security infrastructure used by enterprise environments. As the company scaled its platform and engineering organization, security coverage became fragmented across multiple tools.
Initially, SGNL relied on GitHub Advanced Security and Dependabot to detect dependency vulnerabilities, along with container scanning in CI pipelines. That provided basic application security coverage, but visibility into other areas, especially cloud infrastructure, remained limited.
“We had GitHub Advanced Security and Dependabot, which gave decent coverage. We also had Trivy running in most of our pipelines,” says Brooks Lowe, Product Security Engineer at SGNL AI. “But we didn’t really have anything for malware detection.”
– Brooks Lowe, Sr Principal Security Engineer, SGNL
As the infrastructure footprint grew, cloud security became a bigger concern. SGNL was running containerized workloads and virtual machines while managing infrastructure through code. At the same time, cloud-native security tools introduced additional complexity and cost.
Maintaining visibility across that environment, while also managing CI-based scanning workflows across nearly 200 repositories, was becoming difficult for a small team.
“We have nearly 200 repositories. Managing custom workflows and pipelines for security scanning is a pain.”
SGNL needed a way to simplify both developer security and cloud security without adding yet another platform to maintain.
A developer-led selection
When Brooks Lowe joined SGNL AI, one of his first priorities was consolidating the company’s security stack. He needed a platform that could scale across both application development and cloud infrastructure while remaining easy to operate.
Aikido first caught his attention while he was reading about a supply chain attack involving a malicious open source package.
“Rather than going through thousands of SBOMs, it was just one click to see if we actually had the package involved in the attack.”
Aikido initially stood out for its application and supply chain security capabilities. But during evaluation, Lowe realized the platform also addressed several cloud security challenges the team had been struggling with.
“Once we found out Aikido had CSPM features and VM scanning as well, that was a big win for us.”
That mattered because SGNL was operating across multiple cloud environments, each with its own accounts and configurations. Managing cloud security across those environments required juggling different tools, dashboards, and workflows.
With Aikido, that complexity disappeared.
“We no longer had to look at 2 to 3 cloud environments separately for security. It’s much easier to manage by just deploying connectors in the Aikido UI.”
Beyond visibility, consolidation also reduced the need for multiple cloud-native security solutions.
Instead of combining separate tools for application security, infrastructure security, and cloud posture management, SGNL could bring everything into a single platform.
Solution
SGNL AI deployed Aikido across its development environments and cloud infrastructure. Today, the platform monitors:
- 139 repositories
- 246 containers
- 66 virtual machines
Aikido also simplified how SGNL manages cloud security across environments. Instead of configuring and maintaining separate tooling per cloud account, the team can onboard and monitor environments through a single interface using lightweight connectors.
Instead of managing security through a collection of CI tools and cloud-native scanners, SGNL now operates security through a centralized platform. Aikido provides coverage across both the software development lifecycle and cloud infrastructure, including:
- Application security scanning for proprietary code
- Open source dependency analysis and malicious package detection
- Container vulnerability scanning
- Infrastructure-as-Code security checks
- Cloud security posture management (CSPM)
- VM vulnerability scanning
This gives SGNL visibility across code, containers, and infrastructure without needing to maintain multiple scanning pipelines.
Why SGNL AI chose Aikido
SGNL evaluated several approaches to improving security visibility across its environment.
Some platforms the team looked at, including Wiz, focus primarily on cloud infrastructure security, providing detailed insights into cloud resources and configuration risks. While strong in that domain, those tools often require additional products to cover application security, dependency scanning, and developer workflows.
SGNL needed a platform that addressed both sides of the problem.
Aikido stood out because it unified application security, supply chain security, and cloud posture management in one system.
For SGNL, this meant:
- fewer tools to manage
- fewer CI pipelines to maintain
- clearer visibility across both the software supply chain and cloud infrastructure
Instead of deploying separate platforms for AppSec and cloud security, SGNL could manage everything through a single system.
Results
With Aikido in place, SGNL gained consistent visibility across its applications, containers, and cloud infrastructure.
Security investigations that previously required manual dependency analysis can now be completed instantly.
“Instead of digging through thousands of dependencies, it’s just a click to see if we’re affected.”
The platform also reduced the operational overhead of managing CI-based scanning workflows across hundreds of repositories, while adding deeper visibility into cloud infrastructure risks.
For a lean security team supporting a growing engineering organization, this combination of AppSec and cloud security coverage significantly simplified day-to-day operations.
Looking ahead
As SGNL grows, the company continues to scale its engineering and infrastructure footprint. With Aikido in place, SGNL has a platform that secures both its development pipeline and its cloud environments from a single place.
By consolidating application security, supply chain visibility, and cloud posture management, SGNL can continue growing its platform without expanding its security toolchain.

