Code and Cloud Security Made Simple
85.7%
14.3%
0%
0%
0%
Aikido provides the easiest setup of any such tool that I have tested so far. I was using it with the GitLab integration and it recognized all of our repositories. The security warnings it provides are almost always correct, and invalid warnings can easily be muted and it learns from this. It even found issues that our previous software could not find.
A few times it falsely reported test data as leaked credentials. To be fair though, the data indeed looked like that.
Aikido ensures that our software is delivered with latest security fixes and as free of potential security issues as possible. Hence, our developers need to spend less time working on tracking vulnerabilities in external (and internal) dependencies.
Aikido has been instrumental in keeping our application secure. The platform integrates smoothly with popular CI/CD pipelines and other security tools, facilitating a more streamlined vulnerability management process.
The platform has great features and integrations. A deeper Slack integration with a weekly digest would be helpful.
Aikido has helped us with managing vulnerabilities and keeping our codebase secure, so our developers can spend time in other areas and deliver value to our customers.
Aikido Security stands out for its ability to deliver comprehensive, actionable security insights in a user-friendly manner. I was impressed with how quickly and seamlessly it could integrate into existing BitBucket, GitLab and GitHub repositories, and the simplicity of connecting our cloud environment (Google Cloud in this case) was commendable. One of the strongest points about Aikido is its ability to cut through the noise and deliver important, actionable vulnerabilities instead of flooding you with trivial issues or false positives.
While Aikido performs impressively, there's some room for improvement, particularly in detailing their reports. For instance, pointing out specifics in the case of large cloud infrastructures would be very helpful.
The broad range of checks that Aikido covers, from package vulnerabilities and committed secrets to security headers and vulnerable libraries, truly sets it apart from its competitors. Moreover, the platform's cloud scanning is extremely useful and gives you confidence that you're not overlooking any security missteps when setting up infrastructure or doing maintenance.
Aikido also offers code and cloud security in one tool, which was a game changer for us, eliminating the need for multiple tools. The automated reporting is another powerful feature that helps with ISO27001, SOC2 certification, making it a value-added component in our security toolkit.
Knowing how well your software is secured has not always been easy in the past, but Aikido solves this in a very accessible way.
I would find it convenient should the tool not only scan the code, but also monitor live whether certain endpoints are being abused.
Aikido immediately looks at all the packages you are using and considers whether certain packages are no longer safe to use or have security breaches.
I highly appreciate Aikido Security due to its clear user experience, enabling you to quickly identify and track security issues. With just a few clicks, you can seamlessly integrate it into your existing GitLab repositories and get started. One of the standout features for me is its communication of newly emerged security concerns through multiple channels, including email updates.
Overall, I had a good experience with the platform. For very complex security issues, I still think it's important to review code manually as well, but they keep adding new features for security detection that reduce that manual work.
The Aikido Security platform helped us to obtain an overview of vulnerable dependencies and easily identify non-compliant software licenses in third-party packages much faster without the hassle of doing complex configurations first.
* Both code and cloud security in one tool, in the past we would need multiple tools for this.
* Extremely easy to set up; connection to your cloud components and repositories was done in a couple of minutes and super straightforward thanks to their great UX.
* With Aikido you can really make security one of your USPs with their integrated automated reporting solution, which helps for ISO27001, SOC2 certification.
* They generate great security reports but they sometimes miss important details. Our cloud infrastructure is rather large and it sometimes says an instance does not have X, but it doesn't specify which instance it is. Adding more detail will help save time in finding what the problem is.
Easiest system to find important security problems in both our application and our cloud components, limiting false positives to a minimum.
First platform that can easily give you a first insight into what to do for ISO27001 certification without having to pay big license fees.
Comprehensive tool! It scans code repositories and clouds, which allows you to gain insight into your application as a whole. The reports are very useful for less technical people as well.
There are still some false positives and I am missing a regex-based file filter to exclude tests, for example.
monitor the security of our applications
Aikido Security is very easy to set up and delivers its first results in mere minutes. It combines all the essential security scanning such as repo scanning, cloud security, credential leakage, ... in one package that's easy to use by any development team.
Initially we were missing some features and support for code languages. But since this is a product that is rapidly evolving, these were quickly added and since then we haven't had any real dislikes.
Aikido provides an all-in-one security vulnerability scanner that offers a wide range of support for different security domains. This allows us to streamline our security process, discover and treat issues a lot faster and gives us one overview of our security posture. It does all of this at a price setting that is affordable for SMBs while giving access to a lot of features that are most commonly found in enterprise plans.
In an age where security vulnerabilities are rampant, it's crucial to equip your software development lifecycle with a comprehensive set of tools that can cover every aspect of security. Recently, I had the opportunity to try Aikido, which brings together a multitude of features under one roof.
As a user of this security tool, I've found the Open Source Dependency Scanning (SCA), Static Code Analysis, Open Source License Scanning, and Malware Detection in Dependencies to be an integral part of my development workflow. The SCA keeps me worry-free about vulnerabilities, and I love how the Static Code Analysis catches issues before they even reach the main code. The license scanning has saved me a lot of headaches, letting me know if there are any hidden dangers in the licenses I'm using. And the Malware Detection? It’s like having a silent guardian watching over my code, ensuring nothing malicious sneaks in.
All these features feel well-thought-out and designed with a developer like me in mind. It's not just about security; it's about peace of mind, knowing that my work is safe and sound. It's been a great experience, and I wouldn't want to code without these tools by my side.
It's clear that the tool is on a promising trajectory, and I'm genuinely excited about what's to come. The information provided about detected issues is precise and insightful, making me feel secure in those areas. However, I sometimes wonder if there might be hidden issues not yet brought to light. Despite this concern, I have confidence in the team behind the tool, and I firmly believe that any potential gaps will be addressed in future updates. I'm keeping a close eye on its progress and remain optimistic that this tool will continue to evolve into an even more essential part of my security toolkit.
As a developer, Aikido has been instrumental in transforming the way I handle third-party code within our projects. With an ever-present need to comply with ISO certification requirements, the tool's capabilities in detecting and reporting vulnerabilities in third-party code have been nothing short of a lifeline.
Before Aikido, the process was time-consuming and labor-intensive, requiring meticulous manual checks that were prone to human error.
Now, Aikido takes care of this critical aspect with efficiency and precision, allowing me to focus on what I do best: creating and innovating.
The tool not only ensures that our code adheres to the stringent standards required for ISO certification but also saves an enormous amount of time that was once spent in the cumbersome process of vulnerability detection.
It's a game-changer in our workflow, delivering both compliance and convenience.
Their transparency, ease of use, they're improving their tool all the time.
Affordable price with stellar results. Typical competitors have steep pricing that scales with the number of repos / number of instances running.
Aikido helps us stay ahead of the curve. It educates us about possible liabilities, and it engages the whole engineering team.
Nothing really, there can be minor UX quirks from time to time but nothing that diminishes its value.
Big fan and encourage any company (especially start-ups) to get this tool. It's a no-brainer to me.
Staying ahead of security liabilities instead of reactive.
It also educates us (the whole engineering team) so in a way they're making us better engineers as well