Review
“Aikido makes your security one of your USPs thanks to their integrated automated reporting solution, which helps for ISO & SOC2 certification”
Fabrice G
Managing director at Kadonation
.png)
License Risk
Manage Open-Source License Risk & SBOMs
Identify risky open-source licenses in your dependencies and generate SBOMs for compliance.
Get a full overview of all licenses in use- Adjust license risk scoring & filter out internal licenses
- Generate an SBOM (Software Bill Of Materials)
.avif)
"With Aikido, we can fix an issue in just 30 seconds – click a button, merge the PR, and it’s done."
"Aikido's auto-remediation feature is a huge time-saver for our teams. It cuts through the noise, so our developers can focus on what really matters."
“With Aikido, security is just part of the way we work now. It’s fast, integrated, and actually helpful for developers.”
Chosen by 25,000+ orgs worldwide
Importance of License Risk
Why License Scanning Matters
Some open-source licenses have clauses that could force you to open-source your own code.
It’s crucial to ensure none of your dependencies carry licenses that threaten your business’s IP.
License scanning also prepares you to provide SBOMs during security audits.
Get an Overview on License Risk
Get a complete overview of all licenses in use and the risk associated with each.
Easily Export SBOMs
Export a CycloneDX SBOM with one click (or a CSV list, if needed).
Features
License scanning features
Generate SBOMs Instantly
Actionable License Insights
License noise is overwhelming. Aikido filters the signal using an LLM-powered engine and multiple data sources to score severity. Risky licenses rise to the top—so you can act fast, assign tasks, and clean up your SBOM as you go.
Flexible License Risk Controls
No Legal Jargon, Just License Facts
Aikido’s vetted license database translates complex legal jargon into plain, actionable language. Quickly understand each license’s obligations and risks.
Full License Coverage, Including Containers
Most license tools only scan your repositories. Aikido gives you full coverage by scanning the licenses inside your container images as well.
Meet Software Compliance Standards
Clear Copyright Attribution
1{
2 "name": "react",
3 "version": "18.2.0",
4 "licenses": [{ "license": { "id": "MIT" } }],
5 "purl": "pkg:npm/react@18.2.0",
6 "copyright":
7 "Copyright (c) Facebook, Inc. and its affiliates."
8}Full Coverage in One Platform
Replace your scattered toolstack with one platform that does it all—and shows you what matters.
FAQ
More to explore
Has Aikido itself been security tested?
Yes — we run yearly third-party pentests and maintain a continuous bug bounty program to catch issues early.
Can I also generate an SBOM?
Yes - you can export a full SBOM in CycloneDX, SPDX, or CSV format with one click. Just open the Licenses & SBOM report to see all your packages and licenses.
What do you do with my source code?
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
Can I try Aikido without giving access to my own code?
Yes - you can connect a real repo (read-only access), or use our public demo project to explore the platform. All scans are read-only and Aikido never makes changes to your code. Fixes are proposed via pull requests you review and merge.
I don’t want to connect my repository. Can I try it with a test account?
Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!
Does Aikido make changes to my codebase?
We can’t & won’t, this is guaranteed by read-only access.
More to explore
Get secure for free
Secure your code, cloud, and runtime in one central system.
Find and fix vulnerabilities fast automatically.
.avif)
