Flat-rate pricing.
How many users will need access to Aikido?
- Up to 10 repos, 2 containers, 1 domain, 1 cloud account
- 5 AI SAST Autofixes / month
- Up to 100 repos, 25 containers, 3 domains, 3 cloud accounts
- 50 AI SAST Autofixes / month
- Up to 250 repos, 50 containers, 15 domains, 10 cloud accounts & 5 virtual machines
- 200 AI SAST Autofixes / month
"Best value for money"
“Best value for money. Coming from Snyk, it was too expensive and Aikido has better SAST capabilities. The mechanism that prevents false positives is superb”
“Aikido are truly pulling off the impossible”
“I thought 9-in-1 security scanning was more marketing than reality, but Aikido are truly pulling off the impossible with a commitment to openness that I haven't seen before.”
We understand that you, as an agency, need to protect your margins. We also understand that you have many code repositories and git orgs, across multiple customers. Hence our custom offering for agencies.
To make security more accessible for startups, we're offering discounts of up to 30%
Eligibility: you raised less than $1.5M in funding & are less than five years old or are a nonprofit organization.
We understand that you, as an agency, need to protect your margins. We also understand that you have many code repositories and git orgs, across multiple customers. Hence our custom offering for agencies.
To make security more accessible for startups, we're offering discounts of up to 30%
Eligibility: you raised less than $1.5M in funding & are less than five years old or are a nonprofit organization.
Just try it yourself
FAQ
Is Aikido's software pentested?
Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure the security of Zen is continuously tested by a wide range of security experts.
Can I also generate an SBOM?
You can create a CycloneDX SBOM or csv export with one click. Just go to the Licenses & SBOM report where you'll get a full overview of all the packages & licenses you're using.
What do you do with my source code?
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
Do I need to give access to my repos to test out the product?
When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.
I don’t want to connect my repository. Can I try it with a test account?
Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!
Does Aikido make changes to my codebase?
We can’t & won’t, this is guaranteed by read-only access.
FAQ
Does Zen require agents?
No! Unlike others, Zen by Aikido integrates directly into your application with no need for external agents. Deployment is as simple as adding a single line of code (importing a package), so you’re up and running in mere minutes. This approach is fast, lightweight, and far less intrusive!
Do I need to list Aikido as a subprocessor?
User tracking is fully optional and off by default. Should you choose to track users, and share personal identifiable information (PII) rather than just IDs, you will be required to list Aikido Security as a subprocessor.
Is Aikido's software pentested?
Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure the security of Zen is continuously tested by a wide range of security experts.
Is Zen compatible with various databases and third-party services?
Right now, Zen by Aikido works seamlessly with popular databases like MySQL, MongoDB, and PostgreSQL. It is compatible with ORMs and database drivers across different languages, such as TypeORM for Node.js and SQLAlchemy for Python. We have full support for Python and Node.js, and support for Ruby and PHP is coming soon. Have a specific language, driver, or package in mind? Let us know, and we’ll prioritize it.
What is the performance impact of implementing Zen Firewall in my application?
Honestly, it's tiny. We're talking minuscule overhead for most apps. We're obsessed with performance and constantly benchmark Zen to make sure it stays lightning fast. Need hard numbers for your use case? Just run some tests based on our benchmarks.
It's open source, but what if I run into issues or have specific questions? Where can I get help?
You're not on your own. We have a growing community of developers and security folks using Zen. Don’t hesitate to open a GitHub issue – we're committed to making this project a success, and that includes support.
How do I know Zen is actually working? Can I monitor blocked attacks and get detailed reports?
Seeing is believing. Zen logs blocked attacks with all the juicy details: what the attack looked like, where it came from, etc. We're working on dashboards and integrations to make this info even more accessible.
Monkey-patching sounds risky—will it break my app's functionality or create unforeseen conflicts?
Monkey-patching gets a bad rap. Done right, it's a clever and efficient way to add functionality. Zen targets a very specific area of your code, monitoring all outgoing traffic to databases and 3rd party APIs. We've rigorously tested it to make sure it plays nice with common setups. We even tested with OpenTelemetry in the background, which didn't create any conflicts. Still worried? Try it in a test environment first.
Why does Zen give me less false positives/negatives than WAF?
Traditional WAFs are like security guards at the gate. They only see what comes in, not what goes on inside your building (your app). Zen is the security guard inside, watching both the front door AND how people move around once they're in. Because it sees the whole picture – the user input AND your app's database requests – it can tell the difference between a legitimate (but weird-looking) customer and a thief trying to be sneaky. Less false alarms, less real threats slipping through.
How can one tool autonomously block so many threats without impacting performance?
We get it. It sounds too good to be true. Zen’s magic is in three things:
- it is a library inside your app,
- it monitors both incoming user input and outgoing connections (to databases or 3rd party services)
- it doesn't rely on giant rule lists. This laser focus lets it protect you with almost zero performance overhead.
I don’t want to connect my repository. Can I try it with a test account?
Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!
What happens to my data?
We clone the repositories inside of temporary environments (such as docker containers unique to you). Those containers are disposed of, after analysis. The duration of the test and scans themselves take about 1-5 mins. All the clones and containers are then auto-removed after that, always, every time, for every customer.