Aikido brings together software security tooling that you otherwise have to set up manually, or buy at expensive prices. We focus on cutting out the false positives.

Aikido scans the following in your Code & Cloud:

- Dependency vulnerabilities (SCA) with reachability analysis: scans which functions actually expose you (alternative for Trivy, Dependabot, Renovatebot or Snyk)

- Open-source license risks: checks for dual, non-reputable, or risky licenses (alternative for manual export, BlackDuck, or Fossology)

- Cloud posture (CSPM): (mis)config checks on your AWS, GCP & Azure (alternative for CloudSploit, AWS inspector, or Orca)

- Leaked & exposed secrets: API keys, passwords, encryption keys, etc. (alternative for Gitguardian or Gitleaks)

- Static Code Analysis (SAST): checks your code for security risks

- Surface Monitoring (DAST): implements OWASP ZAP and dynamically tests domains (alternative for Detectify)

- Infrastructure as Code scanning: Kubernetes, Terraform, ... (alternative for Checkov)