We take our ownsecurity seriously

Due to the sensitivity of the data stored in Aikido, security on our own platform is our highest priority.

Compliance

Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II requirements. A copy of the report can be requested on our trust page.

SOC 2

Compliant

ISO 27001

Implementing

Reliability

Aikido manages all user data via Amazon Web Services (AWS). All data is automatically backed up and stored redundantly.

Thanks to our server and network infrastructure, Aikido remains accessible even when hardware problems occur. We guarantee an uptime of 99.9% to continuously keep our services up and running. All information about security measures taken by AWS can be found here.

Encryption

Encryption is used on all Aikido accounts. This encryption is used for all external and internal connections and guarantees that sensitive information can never be sent or received as readable text. Data at rest is also encrypted.

Data Security & Privacy

Data privacy is essential for Aikido. That is why all data is stored within the borders of the European Union.

The data centers of AWS are distributed all over the world, but as far as the data in Aikido (including backups) is concerned, this only applies to data centers in Ireland and Germany. AWS is fully compliant with the European Data Security Regulations (GDPR). Read here more about which data Aikido stores.

Frequent Asked Q's

Do I need to give access to my repos to test out the product?

When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.

What do you do with my source code?

Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.

Does Aikido make changes to my codebase?

We can’t & won’t, this is guaranteed by read-only access.

What happens to my data?

We clone the repositories inside of temporary environments (such as docker containers unique to you). Those containers are disposed of, after analysis. The duration of the test and scans themselves take about 1-5 mins. By default, all the clones and containers are then auto-removed after that, always, every time, for every customer. This process repeats every 24 hours, to provide continuous monitoring.

How can I trust Aikido?

We’re doing everything we can to be fully secure & compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II requirements. Next to that we are implementing ISO 27001 compliance standards. Visit our Trust page to learn more about our security practices.

Availability

Aikido is available on any device, worldwide, with the exception of older browsers such as Internet Explorer 11 & earlier versions.

Health checks & simple pings of the components are used to check if the functions are operational.

Open Status Page

Release process

Integration and automatic end2end testing in CI ensures that updates do not break any use cases required by users.

Changes are communicated to the customer success team in a timely manner.

Test environments can freely be created upon request.

Changes are communicated to end users in-app.

There is no beta environment that contains newer features. Experimental features are released by feature flagging.

Responsible Disclosure Policy

At Aikido, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.

hello@aikido.dev