A promising new AppSec tool

  • By Yohann B.
  • on 04/08/2024

What do you like best about the product?
Our organization implemented Aikido as our main Application Security app to take care of SCA, SAST, Container/Secret Scanning within our code base. Overall, we are very happy with Aikido's performance and ease of use. The deployment was quick and easy thanks to the Bitbucket Cloud integration.

I think the game-changing features of Aikido are the auto-ignore capability and the reachability analysis. It helps our development team save time triaging false positives as well as prioritising issues that need to be addressed quickly.

The support we have received from the Aikido team has been top notch.

What do you dislike about the product?
While Aikido has proven to be a valuable tool for us, there are some features that are missing or could be improved. Since we are a small security team, we rely a lot on automation via REST API. For example, the REST API is missing some functionalities where it is not possible at the moment to ignore/snooze/adjust severity of an issue.

The output from the REST/CI API when retrieving details about an issue could have more information (line of code vulnerable, description of the issue, teams responsible, etc.).

However, despite those minor functionalities missing, the team at Aikido has been amazing at implementing new features in record time when we have identified gaps.

What problems is the product solving and how is that benefiting you?
Aikido is helping us with our application security program by assisting our developers to find vulnerabilities in our code base and remediate them. The true power of Aikido lies in its ability to auto-ignore false positives and therefore save us time to focus on the real issues.