Aikido Security
External reviews
139 reviews
External reviews are not included in the AWS star rating for the product.
You don't know you needed it, till you use it
What do you like best about the product?
As your team and the complexity of your app scale and change, you find yourself unable to maintain oversight of all the different security aspects of your codebase. Tools that you get from cloud providers and GitHub (bots) are powerful, but provide yet another noisy signal, are all distributed, and are each only relevant to a specific aspect of your application security. Other DIY tools to monitor specific aspects all take time to set up and maintain. Aikido is quickly set up and nicely packages up this information in a cohesive way, providing both the information and the tools to comb through it.
It's nice that it can also be run in CI, so that you can catch things early, and it integrates nicely with Vanta to help with compliance efforts.
There's a lot to like, the platform is still young, but Aikido is pushing out new features quite rapidly.
What do you dislike about the product?
It's already able to provide information and report on a lot of the more common security aspects, as well as IaC, CSPM, DAST, ... analysis. But it certainly does not give a complete overview yet. To get a more cohesive platform, it would be nice to also get more information on the security of an active deployment rather than just the codebase and the images. The recently released DAST scans are already a good addition to that.
What problems is the product solving and how is that benefiting you?
Aikido helps us stay on top of our security issues while eliminating some of the overhead of false positives. It also helped us and made it easy for us to become ISO 27001 compliant.
Out-of-the box instant security
What do you like best about the product?
Aikido Security is very easy to set up and delivers its first results in mere minutes. It combines all the essential security scanning, such as repo scanning, cloud security, credential leakage, ... in one package that's easy to use by any development team.
What do you dislike about the product?
Initially we were missing some features and support for code languages. But since this is a product that is rapidly evolving, these were quickly added, and since then we haven't had any real dislikes.
What problems is the product solving and how is that benefiting you?
Aikido provides an all-in-one security vulnerability scanner that offers a wide range of support for different security domains. This allows us to streamline our security process, discover and treat issues a lot faster, and gives us one overview of our security posture. It does all of this at a price point that is affordable for SMBs while giving access to a lot of features that are most commonly found in enterprise plans.
Aikido makes security accessible & easy
What do you like best about the product?
Aikido is primarily based on already available tools, making it feasible to replicate the basic technical functionalities it offers. This means they aren't introducing any novel security scanning features. They're also very open about this by providing some references to how and with which tool a certain finding was found.
For our specific use case, I believe Aikido's strength lies in other areas, mostly addressing false positives and providing an easy to use platform to have a full understanding of your security situation.
Addressing false positives is accomplished by considering factors such as the environment (dev/prod) and whether the vulnerable function or feature is present in your code base. If we were to develop our own security tools using CI/CD pipelines or something comparable, we'd be stuck with numerous false alerts each week, necessitating manual review.
As previously mentioned, replicating the basic technical features Aikido provides is possible. While it would be a resource-intensive and tedious task, it's certainly achievable (which we started doing at some point before we started using Aikido). However, one challenging aspect to replicate is the capability to integrate various security tools into a single platform/interface, catered to both management and technical personnel.
What do you dislike about the product?
We've only been using the tool for a couple of months so our experience is very limited but I do find myself going through the suppressed findings more often than I would like to admit to ensure it's not suppressing anything it shouldn't. So far, my findings here were limited.
Also, we run a heavy Java backend and the support there is still very limited. The team has let me know that they are already working on it so I'm curious how that will turn out.
We've also had some issues with their GitHub Action (timeouts mostly), and the team was very helpful in fixing these issues within a business day most of the time.
What problems is the product solving and how is that benefiting you?
The tool was initially implemented to meet some ISO standards. We already did some (manual) periodic scanning ourselves but Aikido was a great addition since it did the scanning automatically, more frequently and it would provide the necessary reporting to management and auditors.
Aikido is on a promising trajectory and leaves me optimistic about its future.
What do you like best about the product?
In an age where security vulnerabilities are rampant, it's crucial to equip your software development lifecycle with a comprehensive set of tools that can cover every aspect of security. Recently, I had the opportunity to try Aikido, which brings together a multitude of features under one roof.
As a user of this security tool, I've found the Open Source Dependency Scanning (SCA), Static Code Analysis, Open Source License Scanning, and Malware Detection in Dependencies to be an integral part of my development workflow. The SCA keeps me worry-free about vulnerabilities, and I love how the Static Code Analysis catches issues before they even reach the main code. The license scanning has saved me a lot of headaches, letting me know if there are any hidden dangers in the licenses I'm using. And the Malware Detection? It’s like having a silent guardian watching over my code, ensuring nothing malicious sneaks in.
All these features feel well-thought-out and designed with a developer like me in mind. It's not just about security; it's about peace of mind, knowing that my work is safe and sound. It's been a great experience, and I wouldn't want to code without these tools by my side.
What do you dislike about the product?
It's clear that the tool is on a promising trajectory, and I'm genuinely excited about what's to come. The information provided about detected issues is precise and insightful, making me feel secure in those areas. However, I sometimes wonder if there might be hidden issues not yet brought to light. Despite this concern, I have confidence in the team behind the tool, and I firmly believe that any potential gaps will be addressed in future updates. I'm keeping a close eye on its progress and remain optimistic that this tool will continue to evolve into an even more essential part of my security toolkit.
What problems is the product solving and how is that benefiting you?
As a developer, Aikido has been instrumental in transforming the way I handle third-party code within our projects. With an ever-present need to comply with ISO certification requirements, the tool's capabilities in detecting and reporting vulnerabilities in third-party code have been nothing short of a lifeline.
Before Aikido, the process was time-consuming and labor-intensive, requiring meticulous manual checks that were prone to human error.
Now, Aikido takes care of this critical aspect with efficiency and precision, allowing me to focus on what I do best: creating and innovating.
The tool not only ensures that our code adheres to the stringent standards required for ISO certification but also saves an enormous amount of time that was once spent in the cumbersome process of vulnerability detection.
It's a game-changer in our workflow, delivering both compliance and convenience.
A developer first security platform that enables your business
What do you like best about the product?
Our teams have been able to quickly deploy and get value out of Aikido where our previous solution was noisy and cumbersome. The fact that we get all the code coverage we need with SAST+, SCA, IaC, Secrets Detection, Licensing, etc. all in one product is amazing and makes it easy for our engineering teams to see problem areas and fix them quickly. The other major feature, auto-triage, has been such a time saver for our teams: telling us if we are actually using those libraries or certain modules in libraries and excluding them if they aren't relevant is so huge for us. This enables our business to focus on fixing critical issues, ignoring irrelevant ones and delivering product to our customers.
Lastly I'd just call out the speed of development/features we are seeing in Aikido. The team fixes bugs quickly, is executing on their roadmap and they are always open to feedback.
What do you dislike about the product?
Aikido is still very new in the space so they don't have some more of the advanced reporting features that more mature products currently have. We have been giving feedback in this space and are excited with what they have coming down the pipe.
What problems is the product solving and how is that benefiting you?
We are a HITRUST compliant organization so we need to meet stringent controls around our SDLC including SAST, Secrets, SCA, etc. Aikido helps us meet all of those controls we have around code in a single platform that is simplistic for our teams to use.
Comprehensive platform to scan your repositories and cloud for vulnerabilities
What do you like best about the product?
It was super easy to connect our GitHub organization and cloud environment (AWS in our case).
After connecting, Aikido immediately starts to scan them and gives you a list of potential issues/vulnerabilities to check. The checks are very broad: package vulnerabilities, committed secrets, web server security headers, vulnerable libraries in containers, ...
Before Aikido we used GitHub's security issues but in most cases the vulnerable packages are dev dependencies and thus not used in production. Aikido skips through that noise and provides us with actionable vulnerabilities.
I really like the Cloud scanning because it's easy to make mistakes with setting up infrastructure (also when doing maintenance or upgrades).
Being able to see the issues/vulnerabilities in one list (compared to GitHub) is also very useful.
As CTO, it should be a no-brainer to adopt a platform like Aikido. A data leak or hack might put you out of business.
What do you dislike about the product?
Apart from the great Slack integration, I would love to be able to receive notifications via email.
What problems is the product solving and how is that benefiting you?
Scanning for vulnerabilities, cutting through the noise of dev dependencies, scanning our cloud infrastructure, being able to see issues/vulnerabilities in one list across multiple repositories, ... to keep our product secure and save us time.