Story
7 min read

How Visma went beyond SCA for its 180+ portfolio companies

Aikido helps us catch the blind spots in our security that we couldn’t fully address with our existing tools. It’s been a game-changer for us beyond just the SCA (Software Composition Analysis) solutions we originally brought them in for.

Nicolai Brogaard
Service Owner of SAST & SCA
Table Of Contents
TOC Item
Website
https://www.visma.com
Founded
1996
Industry
PE & Group Companies
Funding Raised
Headquarters
Oslo, Norway
Development Team Size
6,000 (spread across 180+ organizations)
180
Portfolio companies
6.000
Developers
100
Security Team members
1
SCA & SAST solution

A little while ago, we shared that Visma chose Aikido Security for its portfolio companies. Visma develops and delivers software to small businesses, medium businesses, and the public sector – improving the work-life of millions of people around the world. Their software simplifies and automates complex and manual work processes, empowering people's everyday lives.

Recently, we had the pleasure of having Nicolai Brogaard, Service Owner of SAST & SCA over in our Belgian headquarters. Visma develops and delivers software to small businesses, medium businesses, and the public sector – improving the work-life of millions of people around the world. Their software simplifies and automates complex and manual work processes, empowering people's everyday lives. Nikolai’s part of the security testing team at Visma, a large conglomerate with 180 portfolio companies. Visma is serious about security—it's something they focus on across the board. With 15,000 employees (6,000 of whom are developers) and a dedicated security team of 100 people, security is at the core of their operations.

These are his thoughts on the evolving security landscape, and the role Aikido plays in it.

Why Aikido? SCA and an all-in-one approach

At Visma, we’ve thought about building our own security tools, but we realized pretty quickly it wasn’t the best use of our resources. That’s where Aikido came in. They filled in the gaps that our existing tools, especially SAST (Static Application Security Testing), didn’t cover. With Aikido, we didn’t have to stretch ourselves thin developing tools from scratch.

It's all about Aikido's powerhouse Software Composition Analysis (SCA) – the ultimate tool for dependency scanning. Visma's companies will be able to continuously monitor their code, find the vulnerabilities that matter, and fix them in a heartbeat. Besides the SCA tool, Aikido's all-in-one platform offers solutions like SAST, bringing together best in class open-source solutions for Ruby, Python, Golang and PHP.

Regional Expertise Matters

Being based in the EU, it’s really important for us to work with vendors who understand the specific regulations we face—especially things like GDPR and data residency requirements. Aikido gets this. They know the ins and outs of EU regulations, which makes it much easier for us to comply with things like keeping data on national soil.

Aikido closely monitors European Cybersecurity & Privacy Legislation such as GDPR, NIS2, CRA, DORA, etc. Through Aikido’s reporting feature, tracking your company’s technical security compliance becomes dead simple.

How Visma Evaluates Security Software

When we look at new vendors, we go by the 80/20 rule: If a solution fits the needs of 80% of our portfolio companies, it’s worth considering. Aikido nailed that for us. Beyond just SCA, they provide additional features, like addressing security blind spots and helping with CSPM (Cloud Security Posture Management). These added benefits really sealed the deal for us.

Trying to reduce the noise that [other] tools actually generate – diving into the signal-to-noise ratio – is a nightmare. Aikido nailed that for us.

The Benefits of Aikido

Aikido hasn’t just enhanced our security posture—it’s also helped us uncover things we were missing with our previous tools. Initially, we brought them on for SCA, but we quickly realized they could do much more, especially in reducing the time and effort spent on dealing with false positives. Their auto-remediation feature is a huge time-saver for our teams. It cuts through the noise, so our developers can focus on what really matters.

Aikido's auto-remediation feature is a huge time-saver for our teams. It cuts through the noise, so our developers can focus on what really matters.

Smooth Transition

Visma's network is colossal and constantly growing, so software we use should not only strengthen our portfolio companies' security posture, but it should come hassle-free. In practical terms, Visma values onboarding simplicity, and Aikido delivers just that: fast, easy, and effective onboarding across Visma’s entire network.

At Visma, we have an internal security developer portal called Hubble, which makes onboarding new tools super straightforward. With Aikido, it was just a matter of integrating them into Hubble and giving our portfolio companies a gentle nudge to make the switch. Most companies transitioned quickly, and the rest follow over time as we track risk internally. Aikido’s API meshes seamlessly with Visma’s inventory management. So, with a few fiery clicks, Visma’s network can start using Aikido in no time.

What Visma Loves About Aikido

The best thing about Aikido? They’re super proactive. We have a shared Slack channel with them, and they’re always quick to respond and solve any issues our teams run into. It’s great to feel like we’re more than just a customer—they really care about making sure we’re getting the most out of their product.

Aikido isn’t just a vendor for us—they’re a true partner. Their responsiveness and dedication to helping us succeed make all the difference.

Aikido provides one centralized security group admin portal for all your accounts
Anonymized visual of Aikido’s Group Admin Portal

Visma’s security budgeting pain point

Brogaard points out, “Security tools cost way too much.”

Most similar platforms have a developer-focused pricing model, creating unpredictable costs and making budgeting an unnecessarily challenging and persistent headache. Consequently, for Visma, the pricing model becomes a high-priority security pain point. Considering Visma’s size and continual network expansion, ballooning costs and the unpredictability around budgeting become unsustainable.

Aikido Security solves Visma’s previous problematic pricing model pain with its unlimited users enterprise plan – a flat rate that is known upfront. No unknown costs = a huge advantage for budgeting.

Key Highlights:

  • Filling Security Gaps: Aikido shines a light on the blind spots our other tools miss.
  • Time-Saving Automation: The auto-remediation feature cuts down on noise, letting our developers focus on real issues.
  • Simple Onboarding: With Visma’s internal portal, getting companies on board with Aikido is a breeze.
  • Proactive Support: Aikido’s fast, responsive support via instant messaging platforms (like Slack) makes us feel like we’re in good hands.
  • Predictable pricing: Aikido uses pricing brackets with users & feature packs included. Transparent pricing, no hidden charges per user or for usage.
Download Case As pDF

Other great stories told by our customers

PE & Group Companies
Delivering SCA and beyond to 6,000+ developers.
View story
Visma
FinTech
Minimizing false-positives, while keepig GitHub as the single source of truth.
View story
Bound
HealthTech
Birdie's fastest time to resolution? 30 seconds.
View story
Birdie
Software Development
Marvelution weaves security into it's one-word business plan: "fun".
View story
Marvelution
HealthTech
Realizing efficiency gains, from one intuitive interface to pentests behind the login wall.
View story
Mediquest