Product
Everything you need to secure code, cloud, and runtime– in one central system
Code
Dependencies
Prevent open-source risks (SCA)
Secrets
Get flagged for exposed secrets
SAST
Secure code as its written
Container Images
Build secure images
Malware
Prevent supply chain attacks
IaC
Scan IaC for misconfigurations
License Risk & SBOMs
Avoid risk, be compliant
Outdated Software
Know your EOL runtimes
Cloud
CSPM
Cloud misconfigurations
DAST
Black-box security testing
API Scanning
Test your API’s for vuln
Virtual Machines
No agents, no overhead
Kubernetes Runtime
soon
Secure your container workloads
Cloud Inventory
soon
Cloud sprawl, solved
Defend
Runtime Protection
In-app Firewall / WAF
Features
AI Autofix
1-click fixes with Aikido AI
CI/CD Security
Scan before merge and deployment
IDE Integrations
Get instant feedback while coding
On-Prem Scanner
Compliance-first local scanning
Solutions
Use Cases
Compliance
Automate SOC 2, ISO & more
Vulnerability Management
All-in-1 vuln management
Secure Your Code
Advanced code security
Generate SBOMs
1 click SCA reports
ASPM
End-to-end AppSec
AI at Aikido
Let Aikido AI do the work
Block 0-Days
Block threats before impact
Industries
FinTech
HealthTech
HRTech
Legal Tech
Group Companies
Agencies
Startups
Enterprise
Mobile apps
Manufacturing
Pricing
Resources
Developer
Docs
How to use Aikido
Public API docs
Aikido developer hub
Changelog
See what shipped
Security
In-house research
Malware & CVE intelligence
Glossary
Security jargon guide
Trust Center
Safe, private, compliant
Open Source
Aikido Intel
Malware & OSS threat feed
Zen
In-app firewall protection
OpenGrep
Code analysis engine
Integrations
IDEs
CI/CD Systems
Clouds
Git Systems
Compliance
Messengers
Task Managers
More integrations
About
About
About
Meet the team
Careers
We’re hiring
Press Kit
Download brand assets
Calendar
See you around?
Open Source
Our OSS projects
Blog
The latest posts
Customer Stories
Trusted by the best teams
Contact
Login
Start for Free
No CC required
Aikido
Menu
Aikido
EN
EN
FR
JP
Login
Start for Free
No CC required

We take our own
security seriously

Due to the sensitivity of the data stored in Aikido, security on our own platform is our highest priority.

Privacy & GDPR

Aikido is in full compliance of the General Data Protection Regulation (GDPR).

Read more

Compliance

Aikido is both ISO 27001:2022 & AICPA's SOC 2 Type II compliant.

Request certificates

Pentesting & Bug Bounties

Aikido conducts annual external pentests and maintains an active bug bounty program.
‍
Message help@aikido.dev with your Intigriti username to get invited to the bug bounty program.

Request bug bounty access

Aikido never stores your code

Aikido doesn't store your code after completing the analysis. We perform actions such as git clones in a fresh docker container for each repository. After analysis, the data is wiped and the docker container is terminated.

For GitHub, no refresh or access tokens are stored in our database. An Aikido database breach would not result in your GitHub code being downloadable. By default, our integrations require a read-only scope.

Alternatively, you can run Aikido locally (on-prem) as well. Download the Aikido local scanners to get started.

Aikido dashboardAikido dashboard

Read documentation

Trusted by innovative dev teams

Henchman logoZus health logoSecure code warrior logolighthouse logoLoctax logoOliva logoVisma

Aikido

never stores your code.

Aikido doesn't store your code after completing the analysis. We perform actions such as git clones in a fresh docker container for each repository. After analysis, the data is wiped and the docker container is terminated.

Aikido process
github

Online scanning

For GitHub, no refresh or access tokens are stored in our database. An Aikido database breach would not result in your GitHub code being downloadable. By default, our integrations require a read-only scope.

Local scanning

Alternatively, you can run Aikido locally (on-prem) as well. Download the Aikido local scanners to get started.

Aikido processAikido dashboard
Read documentation

Trusted by
innovative dev teams

Embraced by pioneering development teams worldwide.

HenchmanZusSecure Code Warrior LoctaxOlivaVisma

Frequent Asked Q's

1
Do I need to give access to my repos to test out the product?
Do I need to give access to my repos to test out the product?
Do I need to give access to my repos to test out the product?
When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.
1
What happens to my data?
What happens to my data?
What happens to my data?
We clone the repositories inside of temporary environments (such as docker containers unique to you). Those containers are disposed of, after analysis. The duration of the test and scans themselves take about 1-5 mins. All the clones and containers are then auto-removed after that, always, every time, for every customer.
1
Does Aikido make changes to my codebase?
Does Aikido make changes to my codebase?
Does Aikido make changes to my codebase?
We can’t & won’t, this is guaranteed by read-only access.
1
What do you do with my source code?
What do you do with my source code?
What do you do with my source code?
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
1
How can I trust Aikido?
How can I trust Aikido?
How can I trust Aikido?
We’re doing everything we can to be fully secure & compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II & ISO 27001:2022 requirements.
1
Does Aikido require agents?
Does Aikido require agents?
Does Aikido require agents?
No! Unlike others, we're fully API based, no agents are needed to deploy Aikido! This way you're up & running in mere minutes & we're way less intrusive!
1
Is Aikido's software pentested?
Is Aikido's software pentested?
Is Aikido's software pentested?
Yes. We run a yearly pentest on our platform.
1
Do you have a bug bounty programme?
Do you have a bug bounty programme?
Do you have a bug bounty programme?
Yes we do! You can find the our bug bounty programmes on Intigriti.

FAQ

More to explore
Documentation
Trust Center
Integrations

Do I need to give access to my repos to test out the product?

When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.

What happens to my data?

We clone the repositories inside of temporary environments (such as docker containers unique to you). Those containers are disposed of, after analysis. The duration of the test and scans themselves take about 1-5 mins. All the clones and containers are then auto-removed after that, always, every time, for every customer.

Does Aikido make changes to my codebase?

We can’t & won’t, this is guaranteed by read-only access.

What do you do with my source code?

Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.

How can I trust Aikido?

We’re doing everything we can to be fully secure & compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II & ISO 27001:2022 requirements.

Does Aikido require agents?

No! Unlike others, we're fully API based, no agents are needed to deploy Aikido! This way you're up & running in mere minutes & we're way less intrusive!

‍

Is Aikido's software pentested?

Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure our security is continuously tested by a wide range of experts.

Do you have a bug bounty programme?

Yes we do! You can find the our bug bounty programmes on Intigriti.

How does Aikido know which alerts are relevant?

We’ve built a rule engine that takes the context of your environment into account. This allows us to easily adapt the criticality score for your environment & filter out false positives. If we’re not sure, the algorithm always reverts to the safest option...

What happens to my data?

We clone the repositories inside of temporary environments (such as docker containers unique to you). Those containers are disposed of, after analysis. The duration of the test and scans themselves take about 1-5 mins. All the clones and containers are then auto-removed after that, always, every time, for every customer.

Does Aikido make changes to my codebase?

We can’t & won’t, this is guaranteed by read-only access.

I don’t want to connect my repository. Can I try it with a test account?

Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!

How is Aikido different?

Aikido combines features from lots of different platforms in one. By bringing together multiple tools in one platform, we’re able to contextualize vulnerabilities, filter out false positives and reduce noise by 95%.

How can I trust Aikido?

We’re doing everything we can to be fully secure & compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II & ISO 27001:2022 requirements.

More to explore
Documentation
Trust center
Integrations
Request a security report
Security report request

Share how you score on unbiased standards & best practices

NIS2
OWASP Top 10
27001:2022
CIS v8
SOC 2
Aikidosec Benchmark
NIS2
OWASP Top 10
27001:2022
CIS v8
SOC 2
Aikidosec Benchmark
NIS2
OWASP Top 10
Aikido ISO compliance
27001:2022
CIS v8
Aikido SOC compliance
SOC 2
Aikido
Aikidosec Benchmark
Security Reports

Get an instant SOC 2, ISO 27001 or OWASP Top 10 report

Know where you stand on the technical vulnerability management controls for your compliance certification.

Share your security reports with your leads in just a few clicks, so you can get through security reviews faster.

Decide which information you'd like to share such as:

1
Benchmarks
2
Scan history
3
Issue insights
4
Time to fix
5
Compliance reporting on ISO27001, SOC2 & OWASP Top 10
5
SLA compliance
6
Exposure windows
7
GDPR data region monitoring
Availability

Aikido is available on any device, worldwide.

Health checks & simple pings of the components are used to check if the functions are operational.

Open Status Page
Release process
1
Integration and automatic end2end testing in CI ensures that updates do not break any use cases required by users.
2
Changes are communicated to the customer success team in a timely manner.
3
Test environments can freely be created upon request.
4
Changes are communicated to end users in-app.
5
There is no beta environment that contains newer features. Experimental features are released by feature flagging.
Responsible Disclosure Policy

At Aikido, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.

hello@aikido.dev
Company
ProductPricingAboutCareersContactPartner with us
Resources
DocsPublic API DocsVulnerability DatabaseBlogIntegrationsGlossaryPress KitCustomer Reviews
Security
Trust CenterSecurity OverviewChange Cookie Preferences
Legal
Privacy PolicyCookie PolicyTerms of UseMaster Subscription AgreementData Processing Agreement
Use Cases
ComplianceSAST & DASTASPMVulnerability ManagementGenerate SBOMsWordPress SecuritySecure Your Code
Industries
For HealthTechFor MedTechFor FinTechFor SecurityTechFor LegalTechFor HRTechFor AgenciesFor EnterpriseFor PE & Group Companies
Compare
vs All Vendorsvs Snykvs Wizvs Mendvs Orca Securityvs Veracodevs GitHub Advanced Securityvs GitLab Ultimatevs Checkmarxvs Semgrepvs SonarQube
Connect
hello@aikido.dev
LinkedInX
Subscribe
Stay up to date with all updates
Not quite there yet.
👋🏻 Thank you! You’ve been subscribed.
Team Aikido
Not quite there yet.
© 2025 Aikido Security BV | BE0792914919
🇪🇺 Registered address: Coupure Rechts 88, 9000, Ghent, Belgium
🇪🇺 Office address: Gebroeders van Eyckstraat 2, 9000, Ghent, Belgium
🇺🇸 Office address: 95 Third St, 2nd Fl, San Francisco, CA 94103, US
SOC 2
Compliant
ISO 27001
Compliant