LoginStart Free

We take our ownsecurity seriously

Due to the sensitivity of the data stored in Aikido, security on our own platform is our highest priority.

Compliance in check

GDPR

Aikido is in full support of the General Data Protection Regulation (GDPR). GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.

Read more

Aikido dashboard

ISO 27001 - 2022

Aikido has achieved ISO 27001:2022 compliance, signifying our commitment to robust information security management. This globally recognized standard ensures that we systematically identify, assess, and mitigate risks to our information assets while complying with legal requirements.

Request certificate

Aikido dashboard

SOC 2 Type II

Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II requirements.

Request report

Aikido dashboard

Aikido never stores your code

Aikido does not store your code after analysisis finished. We perform actions such as git clones in a fresh docker container for each repository. After analysis, the data is wiped and the docker container is terminated.

For Github, no refresh or access tokens are stored in our database. An Aikido database breach would not result in your GitHub code being downloadable. By default, our integrations require a read-only scope.

Aikido dashboardAikido dashboard

Frequent Asked Q's

1
Do I need to give access to my repos to test out the product?
Do I need to give access to my repos to test out the product?
Do I need to give access to my repos to test out the product?
When you log in with your VCS we don’t get access to any of your repositories. You can manually give access to the repositories you’d like to scan. It’s also possible to test out the platform using sample repositories.
1
What happens to my data?
What happens to my data?
What happens to my data?
We clone the repositories inside of temporary environments (such as docker containers unique to you). Those containers are disposed of, after analysis. The duration of the test and scans themselves take about 1-5 mins. By default, all the clones and containers are then auto-removed after that, always, every time, for every customer. This process repeats every 24 hours, to provide continuous monitoring.
1
Does Aikido make changes to my codebase?
Does Aikido make changes to my codebase?
Does Aikido make changes to my codebase?
We can’t & won’t, this is guaranteed by read-only access.
1
What do you do with my source code?
What do you do with my source code?
What do you do with my source code?
Aikido does not store your code after analysis has taken place. Some of the analysis jobs such as SAST or Secrets Detection require a git clone operation. More detailed information can be found on docs.aikido.dev.
1
How can I trust Aikido?
How can I trust Aikido?
How can I trust Aikido?
We’re doing everything we can to be fully secure & compliant. Aikido has been examined to attest that its system and the suitability of the design of controls meets the AICPA's SOC 2 Type II & ISO 27001:2022 requirements. Visit our Trust page to learn more about our security practices.
Request a security report
Request a security report

Share how you score on unbiased standards & best practices

Aikidosec Benchmark
SOC 2
OWASP Top 10
27001:2022
Security Reports

Get an instant SOC 2, ISO 27001 or OWASP Top 10 report

Know where you stand on the technical vulnerability management controls for your compliance certification.

Share your security reports with your leads in just a few clicks, so you can get through security reviews faster.

Decide which information you'd like to share such as:

1
Benchmarks
2
Scan history
3
Issue insights
4
Time to fix
5
Compliance reporting on ISO27001, SOC2 & OWASP Top 10
6
SLA compliance
7
Exposure windows
8
GDPR data region monitoring
Availability

Aikido is available on any device, worldwide, with the exception of older browsers such as Internet Explorer 11 & earlier versions.

Health checks & simple pings of the components are used to check if the functions are operational.

Open Status Page
Release process
1
Integration and automatic end2end testing in CI ensures that updates do not break any use cases required by users.
2
Changes are communicated to the customer success team in a timely manner.
3
Test environments can freely be created upon request.
4
Changes are communicated to end users in-app.
5
There is no beta environment that contains newer features. Experimental features are released by feature flagging.
Responsible Disclosure Policy

At Aikido, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible.

hello@aikido.dev
Company
ProductPricingAboutCareersContact
Resources
DocsPublic API DocsBlogIntegrationsGlossaryPress Kit
Security
Trust CenterSecurity OverviewChange Cookie Preferences
Legal
Cookie Policy
Privacy Policy & GDPR
Terms of Use
Alternative to
Snyk Alternative
Industries
For HealthTech
Connect
hello@aikido.dev
Subscribe
Stay up to date with all updates
👋🏻 Thank you! You’ve been subscribed.
Team Aikido
Not quite there yet.
© 2023 Aikido Security BV
Coupure Rechts 88, 9000 Ghent, Belgium BE0792914919
SOC 2
Compliant
ISO 27001
Compliant