Review
“As a software agency that builds custom software for our clients, it's important to keep vulnerabilities out of our code. Aikido does that job perfectly”
Manu D.B.
CTO at We Are
Software Supply Chain Security
Scanners under the hood
Phylum
Importance of Malware Scanning
With malware infections, speed is of the essence. Aikido identifies malware before a CVE is created through Phylum’s threat feed.
By integrating Aikido in your CI/CD you can block malicious code from being merged.
Features
Get instant critical notifications via email or on Slack or Teams from the moment Aikido detects malware. Legacy SCA scanners won’t provide this protection.
Check out which malware packages are currently detected in public registries, directly in your Aikido software supply chain attacks report.
Check out the feed
Built on reliable open source security scanners, all combined in one platform. Enhanced with our own code to cover any scanning gaps.
Cloud
Detects cloud infrastructure risks across major cloud providers.
CloudSploit
Custom Rules Engine
Code & Containers
Continuously monitors your code for known vulnerabilities, CVEs and other risks.
Trivy
Syft
Grype
Custom Rules Engine
Code
Checks your code for leaked and exposed API keys, passwords, certificates, encryption keys, etc...
Gitleaks
Code
Scans your source code for security risks before an issue can be merged.
Semgrep
Gosec
Brakeman
Custom Rules
Code
Scans Terraform, CloudFormation & Kubernetes infrastructure-as-code for misconfigurations.
Checkov
Containers
Scans your container OS for packages with security issues.
Syft
Grype
AWS Inspector
Custom Scanner
Domain
Dynamically tests your web app’s front-end to find vulnerabilities through simulated attacks. Built on ZAP & Nuclei.
ZAP
Nuclei
Custom Rules
Code & Containers
Monitors your licenses for risks such as dual licensing, restrictive terms, bad reputation, etc..
Syft
Grype
Custom Rules
Code
Prevents malicious packages from infiltrating your software supply chain. Powered by Phylum.
Phylum
Code & Containers
Checks if any frameworks & runtimes you are using are no longer maintained.
endoflife.date
Custom
Imports and auto-triages findings from your current scanner stack.
GitHub Advanced Security
SonarQube
Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure the security of Zen is continuously tested by a wide range of security experts.
You can create a CycloneDX SBOM or csv export with one click. Just go to the Licenses & SBOM report where you'll get a full overview of all the packages & licenses you're using.
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.
Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!
We can’t & won’t, this is guaranteed by read-only access.
Trusted by development teams around the world
Review
Manu D.B.
CTO at We Are