Review
“Aikido makes your security one of your USPs thanks to their integrated automated reporting solution, which helps for ISO & SOC2 certification”
Fabrice G
Managing director at Kadonation
Software Composition Analysis (SCA)
Detects vulnerabilities, malware, end-of-life runtimes & OSS licenses or generate SBOMs.
Scanners under the hood
Trivy
Syft
Grype
Custom Rules
Built for
GitHub
Bitbucket
GitLab
Azure DevOps
GitLab Self-Managed
Local Scanning
Importance of SCA
Open source tools don't always support all languages. Aikido combines multiple scanners to fix all gaps. (For example, Aikido supports .csproj files out of the box)
Check language support
Open source projects tend to be hard to set up and keep running flawlessly. Aikido fixes any issues and keeps your scans going. On top of that, you're able to easily see if you're missing lockfiles.
Features
Aikido Autofix is a tool you can use to have Aikido fix vulnerabilities in 3rd party dependencies in your projects. It will do this by creating pull requests that remove the vulnerability via package updates or by other means. In some cases an Aikido Autofix can remove a whole class of vulnerabilities instead of just 1 issue.
Learn more
When Aikido finds vulnerabilities, it will report duplicate issues as one issue. Unlike other scanners that will overload you with hundreds of security alerts, when the affected function is found multiple times. You'll only get alerted if there exists a known fix for any given vulnerability.
Aikido checks if you're using a certain function. If not, it's clearly a false positive and it's automatically triaged.
Learn more
No need to do CVE research. Aikido gives you the TL;DR, tells you how you're affected & how you can most easily remediate security issues or even auto-fix them.
Learn more
Checks against multiple popular CVE databases. Aikido detects vulnerabilities with the help of AI (LLM).
Read more
The npm ecosystem is susceptible to malicious packages being published because of its open nature.
Aikido identifies malicious code that may be embedded within JavaScript files or npm packages. Powered by Phylum. (Scans for backdoors, trojans, keyloggers, XSS, cryptojacking scripts and more.)
Read more
Security audits typically require providing an SBOM. Aikido makes it easy to analyze this list in advance & generate it whenever required. You're also able to create an SBOM of containers. Aikido supports cycloneDX and SPDX.
Aikido automates all technical vulnerability management controls, making SOC2 & ISO 27001 compliance a whole lot easier. Compliant companies have an easier time to prove that their customer's data is secure, which helps with closing bigger deals.
Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure the security of Zen is continuously tested by a wide range of security experts.
You can create a CycloneDX SBOM or csv export with one click. Just go to the Licenses & SBOM report where you'll get a full overview of all the packages & licenses you're using.
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.
Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!
We can’t & won’t, this is guaranteed by read-only access.
Trusted by development teams around the world
Review
Fabrice G
Managing director at Kadonation