Aikido Security

What do you like best about the product?

At HotDoc, we integrated Aikido to enhance our secure development practices, and it has quickly demonstrated its worth. The platform is very developer-friendly, offering a seamless onboarding experience, rapid scans, and results that are both clear and actionable, all without overwhelming our teams with unnecessary noise. In contrast to many traditional SAST tools, Aikido feels lightweight but remains effective, providing the right guardrails to support our developers without causing delays. It allows us to maintain security at a pace that aligns with modern software development. I strongly recommend Aikido to security teams who prioritise a secure-by-design philosophy.

What do you dislike about the product?

These aren't major drawbacks, as Aikido is a newer tool and still evolving, but there are areas where the platform is less mature. Its cloud and infrastructure security coverage is not yet as comprehensive as its application code scanning. While integrations with core platforms like Github, Slack, and Jira are strong, support for broader ecosystems is still limited - though this is expected to expand over time.

What problems is the product solving and how is that benefiting you?

Aikido's auto-ignore capability prioritises accuracy over noise by surfacing only vulnerabilities that truly matter. This significantly reduces alert fatigue common with older SAST tools and keeps our developers focused on fixes with real security impact.

The platform's fast, lightweight scans run in minutes and are non-disruptive to our development workflows. Unlike bulky enterprise SAST solutions, Aikido requires no heavy configuration or infrastructure overhead, making it easy to adopt.

With its developer-centric design, Aikido integrates natively with Github and Slack to deliver clear, actionable findings directly into existing workflows. Features like pull-request scans and inline comments minimise context switching for our developers.

What do you like best about the product?

First off, I rarely write reviews, but Aikido absolutely deserves praise.

This tool has been really reliable for MoveInSync's code security pipeline. It's clear that a lot of thought, effort, and love has gone into creating a product that genuinely finds reliable security findings with clear instruction on fixing the issues making shift left mindset seemless.

What I love most about Aikido is its simplicity and false positive filter capability, where you don’t have to jump through hoops of irrelevant findings.

It seamlessly integrates into our DevSecOps pipeline.

The UI is intuitive, the performance is lightning-fast, and the slack support team? Absolutely top-notch.
They’re quick to respond, actively listen to feedback, and are constantly releasing thoughtful improvements.

Having All-in-one: SAST, SCA, Secret Scanning, DAST (still in early stage), CSPM, and api asset monitoring tool in a single tool is really helpful and now I can’t imagine working without it.

This is exactly the kind of innovative tool that reminds me why I love tech in the first place.

Highly recommend.

What do you dislike about the product?

Aikido does provide a local CLI scanner, which we prefer for our DevSecOps workflow, but the experience has been awkward for branch-based development.
We have to run scans locally and manually set the branch each time. In our usage, the CLI treated each branch scan as a separate “repo,” which quickly eats into the repo quota on our plan (e.g., 200 repos), whereas the cloud-connected scanner lets us switch branches on the same repository and re-run without consuming additional repo slots .

For teams with lots of short‑lived branches, that repo-counting behavior makes the local option a little hard to adopt.

Also the PR annotations are cloud-only. Inline PR comments/checks work via the cloud-integrated service (e.g., GitHub/GitLab/Bitbucket).
Local CLI scans do not post PR annotations.

What problems is the product solving and how is that benefiting you?

Aikido has been really reliable for MoveInSync's code security pipeline.
Having All-in-one: SAST, SCA, Secret Scanning, DAST (still in early stage), CSPM, and api asset monitoring tool in a single tool is really helpful and now I can’t imagine working without it.

What do you like best about the product?

We came to Aikido after a frustrating experience with another popular SAST platform. Aikido has be incredibly easy to get started with, and has quickly become an integral part of our security and compliance process. Within an hour of signing up, I was certain that this was the right platform for us. The team has been incredibly responsive to our needs, and we have yet to run into any major issues. The reports are simple and easy to understand, and we get clear and actionable insights from the scans. The workflow in Aikido is quite simple, so everyone on our team has been able to jump in with ease. I highly recommend having a look at them if you want a solid platform for managing your application security.

What do you dislike about the product?

Each issue is assigned a severity. Some issues are lacking context to justify their severity level, but even in these instances, we can easily modify the level and leave justifications where necessary for our compliance process.

What problems is the product solving and how is that benefiting you?

Our organization takes security seriously and maintains compliance certifications to give our users confidence. Aikido makes it easy for us to uphold these strict security standards, simplifying what would otherwise be a complex and time-consuming process.

What do you like best about the product?

Aikido has been a great fit for our needs, with broad coverage across use cases and excellent support whenever we’ve needed it. Compared to other tools we’ve tried, it does a much better job at reducing noise and surfacing what actually matters, which saves our team a lot of time.

What do you dislike about the product?

Enterprise ready, broad set of features and amazing support team!

What problems is the product solving and how is that benefiting you?

Aikido helps us manage security across a wide range of codebases and dependencies without drowning in false positives. The platform consolidates what we need into one place, reduces noise compared to other tools, and gives our team clear, actionable insights. This saves time, improves focus, and helps us address real risks faster.

What do you like best about the product?

The combination of SAST/DAST/CSPM/SBOM/RASP (and other capabilities) is astoundingly useful. All-in-one security scanning and configuration validation may seem mythical and impossible, but it demonstrably is not. It's just that nobody was doing it well.

What do you dislike about the product?

For a young company, you can forgive the fact that there are not as many enterprise capabilities in the platform just yet, but that is definitely something they are aware of and working on as evidenced by the ability to enroll the entire AWS Organization instead of having to enroll each tenant account separately for the cloud security posture management scanning.

What problems is the product solving and how is that benefiting you?

Because the solution provides code and cloud modules, it is possible to link a repo scan (inside risk) with an API or web application scan (outside risk) for an integrated view of real exposure of vulnerabilities. But one of the features that is most valuable in my experience is taking on legacy code risk using the Zen Firewall as a RASP capability. This "in-app" firewall brings swift mitigation of common failings for inherited APIs and other apps whose authors have usually left the company and who never implemented rate limiting or blocking rules/logic.