Security Practices at Aikido Security
Aikido offers a cloud security platform.
Due to the sensitivity of the data stored in Aikido, such as information on code vulnerabilities and cloud assets, security on our own platform is one of our highest priorities.
Aikido is under audit to become SOC 2 compliant in Q1 2023. The report will be published on this page once it is available.
Aikido manages all user data via Amazon Web Services (AWS). All data is automatically backed up and stored redundantly, so Aikido remains accessible even when individual hardware components fail. We guarantee an uptime of 99.9% to keep our services continuously available. All information about the security measures taken by AWS can be found here.
Encryption is used on all Aikido accounts. All external and internal connections are encrypted in transit, so sensitive information is never sent or received as plaintext. Data at rest is also encrypted.
Data Security & Privacy
Data privacy is essential for Aikido. That is why all data is stored within the borders of the European Union. AWS operates data centres all over the world, but Aikido's data, including backups, is stored only in the AWS data centres in Ireland and Germany. AWS is fully compliant with the EU General Data Protection Regulation (GDPR). Read more about which data Aikido stores.
Do I need to give access to my repos to test out the product?
When you log in with your version control system (VCS), we do not get access to any of your repositories. You grant access manually, and only to the repositories you want to scan. You can also try out the platform on sample repositories.
What do you do with my source code?
We download a zip archive of the code, which is deleted immediately after analysis. None of your intellectual property is ever persisted to disk.
Aikido is available on any device, worldwide; for security reasons, older browsers such as Internet Explorer 11 and earlier versions are not supported. Health checks and simple pings of each component verify that its functions are operational. The current status of our systems can always be checked on our dedicated status page.
The Aikido development team has implemented a structured release process:
- Integration and automatic end-to-end testing in CI ensures that updates do not break any use cases that users rely on.
- Changes are communicated to the customer success team in a timely manner.
- Test environments can freely be created upon request.
- Changes are communicated to end users in-app.
- There is no separate beta environment containing newer features; experimental features are released behind feature flags.
Responsible Disclosure Policy
At Aikido, we consider the security of our systems a top priority. But no matter how much effort we put into system security, vulnerabilities may still be present.
If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. While we set up our public bug bounty programme, please email all findings to firstname.lastname@example.org.