Software Supply Chain Security

Malware detection in dependencies

Protect your app from software supply chain attacks
Detects malware early, before a CVE is created
Malware protection is typically exclusive to enterprises, but included in Aikido!

Start for Free Book a Demo

Scanners under the hood

Phylum

Importance of Malware Scanning

Why should you do malware scanning?

Malware can be very damaging to your app. If you are infected, you need to act fast.
By using Malware in packages, hackers can sometimes easily extract data or install bitcoin miners.
This can cause data leaks or massive server costs.

Real-time Detection

With malware infections, speed is of the essence. Aikido identifies malware before a CVE is created through Phylum’s threat feed.

Prevent malicious code from entering your app

By integrating Aikido in your CI/CD you can block malicious code from being merged.

Features

Malware Scanning Features

Instant notifications

Get instant critical notifications via email or on Slack or Teams from the moment Aikido detects malware. Legacy SCA scanners won’t provide this protection.

Malware threat feed

Check out which malware packages are currently detected in public registries, directly in your Aikido software supply chain attacks report.

Check out the feed

Aikido's other scanners

Built on reliable open source security scanners, all combined in one platform. Enhanced with our own code to cover any scanning gaps.

Cloud

Cloud posture management (CSPM)

Detects cloud infrastructure risks across major cloud providers.

Leverages

CloudSploit

AWS Inspector

Custom Rules Engine

Code & Containers

Open source dependency scanning (SCA)

Continuously monitors your code for known vulnerabilities, CVEs and other risks.

Leverages

Trivy

Syft

Grype

Custom Rules Engine

Code

Secret Detection

Checks your code for leaked and exposed API keys, passwords, certificates, encryption keys, etc...

Leverages

Gitleaks

Code

Static code analysis (SAST)

Scans your source code for security risks before an issue can be merged.

Leverages

Bandit

Semgrep

Gosec

Brakeman

Custom Rules

Code

Infrastructure as code

Scans Terraform, CloudFormation & Kubernetes infrastructure-as-code for misconfigurations.

Leverages

Checkov

Containers

Container image scanning

Scans your container OS for packages with security issues.

Leverages

Syft

Grype

AWS Inspector

Custom Scanner

Domain

Surface monitoring (DAST)

Dynamically tests your web app’s front-end to find vulnerabilities through simulated attacks. Built on ZAP & Nuclei.

Leverages

ZAP

Nuclei

Custom Rules

Code & Containers

Open source license scanning

Monitors your licenses for risks such as dual licensing, restrictive terms, bad reputation, etc..

Leverages

Syft

Grype

Custom Rules

Code

Malware detection in dependencies

Prevents malicious packages from infiltrating your software supply chain. Powered by Phylum.

Leverages

Phylum

Code & Containers

Outdated Software

Checks if any frameworks & runtimes you are using are no longer maintained.

Leverages

endoflife.date

Custom

Connect your own scanner

Imports and auto-triages findings from your current scanner stack.

Import from

GitHub Advanced Security

SonarQube

Trusted by teams at over 1,000 of the world’s leading organizations

Review

As a software agency that builds custom software for our clients, it's important to keep vulnerabilities out of our code. Aikido does that job perfectly.

Manu D.B., CTO at We Are

FAQ

More to explore

Documentation

Trust Center

Integrations

What do you do with my source code?

Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.

Do I need to give access to my repos to test out the product?

When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.