Products
Aikido Platform

Your Complete Security HQ

Abstract black background with a grid of small white dots evenly spaced.

Explore platform

Advanced AppSec suite, built for devs.

  • Dependencies (SCA)
  • Supply Chain (Malware)
  • SAST
  • Code Audit
    NEW
  • AI SAST
    New
  • Code Quality
  • Secrets
  • Licenses (SBOM)
  • Outdated Software

Unified cloud security with real-time visibility.

  • Cloud Misconfigurations
  • Virtual Machines
  • Infrastructure as Code
  • K8s Scanning
  • Container Images
  • Hardened Images

AI-powered offensive security testing.

  • Continuous Pentests
  • Pentests
  • DAST
  • Attack Surface
  • API Scanning

in-app runtime defense and threat detection.

  • Device Protection
    NEW
  • Runtime Protection
  • Bot Protection
New: Aikido pentests that outperform humans.
Learn more
Solutions
By Feature
AI AutoFix
CI/CD Security
IDE Integrations
On-Prem Scanning
Continuous Pentests
Supply Chain Safety
By Use Case
Pentesting
Compliance
Vulnerability Management
Generate SBOMs
ASPM
CSPM
AI at Aikido
Block 0-Days
Shadow AI
NEW
By Stage
Startup
Enterprise
By Industry
FinTech
HealthTech
HRTech
Legal Tech
Group Companies
Agencies
Mobile apps
Manufacturing
Public Sector
Banks
Telecom
Vibe Coding
FedRAMP
New: Aikido pentests that outperform humans.
Learn more
Solutions
Use Cases
Compliance
Automate SOC 2, ISO & more
Vulnerability Management
All-in-1 vuln management
Secure Your Code
Advanced code security
Generate SBOMs
1 click SCA reports
ASPM
End-to-end AppSec
CSPM
End-to-end cloud security
AI at Aikido
Let Aikido AI do the work
Block 0-Days
Block threats before impact
Industries
FinTech
HealthTech
HRTech
Legal Tech
Group Companies
Agencies
Startups
Enterprise
Mobile apps
Manufacturing
Public Sector
Banks
Resources
Developer
Docs
How to use Aikido
Public API docs
Aikido developer hub
Changelog
See what shipped
Reports
Research, insights & guides
Trust Center
Safe, private, compliant
Open Source
Zen
In-app firewall protection
Icon of a globe with a connected network symbol inside a rounded square.
Opengrep
Code analysis engine
Aikido Safe Chain
Prevent malware during install.
Betterleaks
A better secrets scanner
Company
Blog
Get insights, updates & more
Customers
Trusted by the best teams
State of AI report
Insights from 450 CISOs and devs
Events & Webinars
Sessions, meetups &  events
Reports
Industry reports, surveys & analysis
Aikido Threat Intel

Real-time malware & vuln threats

Abstract black background with a grid of small white dots evenly spaced.

Go to Feed

Integrations
IDEs
CI/CD Systems
Clouds
Git Systems
Compliance
Messengers
Task Managers
More integrations
About
About
About
Meet the team
Careers
Hiring
We’re hiring
Press Kit
Download brand assets
Events
See you around?
Open Source
Our OSS projects
Customer Stories
Trusted by the best teams
Partner Program
Partner with us
PricingContact
Login
Start for Free
Aikido
Login
Menu
Aikido
EN
EN
FR
JP
DE
PT
ES
Login
Start for Free
No CC required

Aikido & Thoropass integration

Effortless technical vulnerability management for SOC2 & ISO 27001

Blue circular emblem with white text reading 'AICPA SOC' and the URL 'aicpa.org/soc4so', surrounded by the phrase 'SOC for Service Organizations | Service Organizations'.

Put technical vulnerability management on autopilot & become compliant - without putting a heavy burden on your dev team.

Get a 10% Thoropass discountSet up an Aikido Account

integration

Why use Thoropass?

1

Thoropass is the only complete compliance solution pairing smart software, expert guidance, continuous monitoring, and audit — so you can do business with confidence.

Generate evidence for technical controls

Aikido performs checks and generates evidence for technical controls for ISO 27001:2022 & SOC 2 Type 2. Automating technical controls is a big step-up towards achieving ISO & SOC 2 compliance.

Option 1

Struggle through a patchwork of free tools

To comply with technical vulnerability management controls, you can set up a combination of free open source tools to scan for OS vulnerabilities, secrets, containers, etc... Each tool will require setup and maintenance.

Aikido dashboard

Option 2

Buy expensive software packages

To comply with technical vulnerability management controls, there are many dedicated scanning platforms that work well in one area, but you'll end up with a sum of expensive licenses adding up to massive bills.

Aikido dashboard

Option 3

Get Aikido

Get all-round security coverage, everything you need to check the boxes for techical vulnerability controls, at an affordable price. These checks are a great accelerator for evidence collection for SOC2 & ISO 27001. Integrated in Thoropass.

Aikido covers all technical code and cloud security requirements for SOC2 Type 2 and ISO 27001:2022

SOC 2 Controls

Risk assesment

CC3.3: Consider the potential for fraud
CC3.2: Estimate Significance of Risks Identified

Control activities

CC5.2: The entity selects and develops general control activities over technology to support the achievement of objectives

Logical and physical access controls

CC6.1 • CC6.6 • CC6.7 • CC6.8

System operations

CC7.1: Monitor infrastructure and software
CC7.1: Implement change detection mechanism
CC7.1: Detect unknown or unauthorized components
CC7.1: Conduct vulnerability scans
CC7.1: Implement filters to analyze anomalies
CC7.1: Restores the affected environments

Additional criteria for availability

CC10.3: Tests integrity and completeness of backup data

Change management

CC8.1: Protect confidential information
CC8.1: Track system changes

ISO 27001 Controls

Technological controls

A.8.2 Privileged access rights • A.8.3 Information access restriction • A.8.5 Secure authentication • A.8.6 Capacity management • A.8.7 Protection against malware • A.8.8 Management of technical vulnerabilities • A.8.9 Configuration management • A.8.12 Data leakage prevention • A.8.13 Backups • A.8.15  Logging •  A.8.16 Monitoring activities • A.8.18 Use of privileged utility programs • A.8.20 Network security • A.8.24 Use of cryptography • A.8.25 Secure development lifecycle • A.8.28 Secure coding •  A.8.31 Separation of development, test and production environments  • A.8.32 Change management

Organizational controls

A.5.15: Access control
A.5.16: Identity management
A.5.28: Collection of evidence
A.5.33: Protection of records

How it works

How Aikido works

Connect your code, cloud & containers

It doesn't matter on which tool stack you are. Aikido connects with most popular stacks and scans continuously for issues.

Get relevant security & code quality alerts

No need to sift through hundreds of alerts. Only few of them really matter. Aikido auto-triages notifications.

down arrow

Unlock the Power of the Aikido and Thoropass

Comprehensive Vulnerability Management

Aikido's advanced vulnerability scanning capabilities work hand-in-hand with Thoropass' automated security compliance to provide a holistic solution.

Identify vulnerabilities, assess risks, and take proactive measures to strengthen your security posture.

Simplified Security Workflows

Say goodbye to manual processes and complex security workflows. By integrating Aikido with Thoropass, you can streamline your security operations and automate compliance tasks.

Enjoy the convenience of centralized management, consistent policy enforcement, and simplified workflows.

Real-Time Monitoring

Stay one step ahead of potential threats with real-time monitoring and reporting. Monitor vulnerabilities as they arise, ensuring timely detection and response.

Generate comprehensive reports that provide actionable insights for your security team and stakeholders. Make informed decisions and demonstrate compliance effortlessly.

Setup

How to set up the Thoropass integration

Enable Integration

Connect Aikido and Thoropass

1

Create an Aikido account and go to the integrations settings to set up the connection. In just a few clicks you can connect Aikido to Thoropass.

Sync Vulnerability Data

2

Aikido automatically syncs vulnerability data between Aikido and Thoropass. This integration ensures that your vulnerability information is always up to date, enabling accurate risk assessment and efficient remediation. (Check out the technical details in our docs)

Remediate issues with Actionable Insights

3

Leverage the power of Aikido and Thoropass to gain actionable insights and prioritize vulnerabilities effectively. Seamlessly transition from identification to remediation, ensuring your security efforts are targeted and impactful.

When development teams switch to  , they're blown away

Without
1

Juggling multiple DevSecOps tools

2

Getting overloaded with irrelevant security alerts

3

Trying to understand PhD-level documentation on fixes

4

Spending hours setting up multiple repos & clouds

With
1

Have an all-in-one tool that covers 99% of threats

2

Get 85% less irrelevant alerts

3

Fix issues fast with stupidly simple explanations

4

Set up repos & cloud config in less than a minute

Integrate Aikido with Thoropass

Enabling the integration is done in a few clicks.
Setting up an Aikido account takes just 30 seconds.

Get a 10% Thoropass discountSet up an Aikido Account
Use keyboard
Use left key to navigate previous on Aikido slider
Use right arrow key to navigate to the next slide
to navigate through articles
Visit our Blog
Compromised @injectivelabs/sdk-ts exfiltrates wallet keys through fake telemetry
By
Hunter Schwartz
Hunter Schwartz

Compromised @injectivelabs/sdk-ts exfiltrates wallet keys through fake telemetry

Vulnerabilities & Threats
July 9, 2026
Read more
AI Pentesting Buyer's Guide: How to evaluate AI pentesting vendors
By
Sooraj Shah
Sooraj Shah

AI Pentesting Buyer's Guide: How to evaluate AI pentesting vendors

Guides & Best Practices
July 9, 2026
Read more
Predicting MongoDB ObjectId() continuously in Rocket.Chat
By
Jorian Woltjer
Jorian Woltjer

Predicting MongoDB ObjectId() continuously in Rocket.Chat

Vulnerabilities & Threats
July 6, 2026
Read more
Authentication Bypass in the default configuration phpBB
By
Jorian Woltjer
Jorian Woltjer

Authentication Bypass in the default configuration phpBB

Vulnerabilities & Threats
July 4, 2026
Read more
AI Pentesting for Compliance
By
Jens Gellynck
Jens Gellynck

AI Pentesting for Compliance

Compliance
July 2, 2026
Read more
And another one. GitHub ships break-glass credential revocation
By
Dania Durnas
Dania Durnas

And another one. GitHub ships break-glass credential revocation

News
July 1, 2026
Read more
Aikido acquires Root to secure the supply chain
By
Madeline Lawrence
Madeline Lawrence

Aikido acquires Root to secure the supply chain

Product & Company Updates
June 30, 2026
Read more
npm now freezes high-impact accounts after risky account changes
By
Dania Durnas
Dania Durnas

npm now freezes high-impact accounts after risky account changes

News
June 26, 2026
Read more
Packagist is now protected by Aikido Intel and other updates to the PHP registry
By
Dania Durnas
Dania Durnas

Packagist is now protected by Aikido Intel and other updates to the PHP registry

Product & Company Updates
June 26, 2026
Read more
Company
  • Platform
  • Pricing
  • About
  • Careers
  • Contact
  • Partner with us
Resources
  • Docs
  • Public API Docs
  • Vulnerability Database
  • Blog
  • Customer Stories
  • Integrations
  • Glossary
  • Press Kit
  • Customer Reviews
  • Aikido Intel
Industries
  • For HealthTech
  • For MedTech
  • For FinTech
  • For SecurityTech
  • For LegalTech
  • For HRTech
  • For Agencies
  • For Enterprise
  • For Startups
  • For PE & Group Companies
  • For Government & Public Sector
  • For Smart Manufacturing & Engineering
  • For Government & Regulated Workloads
Use Cases
  • Pentest
  • Compliance
  • SAST & DAST
  • ASPM
  • Vulnerability Management
  • Generate SBOMs
  • WordPress Security
  • Secure Your Code
  • Aikido for Microsoft
  • Aikido for AWS
Compare
  • vs All Vendors
  • vs Snyk
  • vs Wiz
  • vs Mend
  • vs Orca Security
  • vs Veracode
  • vs GitHub Advanced Security
  • vs GitLab Ultimate
  • vs Checkmarx
  • vs Semgrep
  • vs SonarQube
  • vs Black Duck
Legal
  • Privacy Policy
  • Cookie Policy
  • Terms of Use
  • Master Subscription Agreement
  • Data Processing Agreement
  • AI Penetration Testing Addendum
Connect
  • hello@aikido.dev
Security
  • Trust Center
  • Security Overview
  • Change Cookie Preferences
Subscribe
Stay up to date with all updates
LinkedInYouTubeX
© 2026 Aikido Security BV | BE0792914919
🇪🇺 Keizer Karelstraat 15, 9000, Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US
🇺🇸 330 N. Wabash 23rd Floor Chicago, IL 60611, US
🇬🇧 Unit 33, Waterside, Schooner Court, 44-48 Wharf Road, London, United Kingdom, N1 7UX
SOC 2
Compliant
ISO 27001
Compliant
FedRAMP
Implementing