Aikido Security
Reviews from AWS customers
0 AWS reviews
External reviews
137 reviews
External reviews are not included in the AWS star rating for the product.
A wonderful security tool loved by engineers and developers
What do you like best about the product?
Aikido allowed us to implement a security-by-design process smoothly and quickly. My team loves the integration with Jira and how it feels like a tool tailored to the needs of engineers (not security experts), no less and no more. Working with Aikido's team has been great, both in supporting us in the selection process and in receiving our feedback - many times resulting in a rapid development of new features!
Given the affordable price, for me it's a no-brainer for any small-medium sized company.
What do you dislike about the product?
My experience with Aikido has been positive for the most part.
There are a few UX/UI tweaks that we had to overcome, but nothing major or that made us rethink our choice.
What problems is the product solving and how is that benefiting you?
We needed a tool to easily identify vulnerabilities in our repositories; Aikido is not only doing it, but it has also become a key component of our security-by-design process.
A promising new AppSec tool
What do you like best about the product?
Our organization implemented Aikido as our main Application Security app to take care of SCA, SAST, Container/Secret Scanning within our code base. Overall, we are very happy with Aikido's performance and ease of use. The deployment was quick and easy thanks to the Bitbucket Cloud integration.
I think the game-changing features of Aikido are the auto-ignore capability and the reachability analysis. They help our development team save time triaging false positives as well as prioritising issues that need to be addressed quickly.
The support we have received from the Aikido team has been top notch.
What do you dislike about the product?
While Aikido has proven to be a valuable tool for us, there are some features that are missing or could be improved. Since we are a small security team, we rely a lot on automation via REST API. For example, the REST API is missing some functionalities where it is not possible at the moment to ignore/snooze/adjust severity of an issue.
The output from the REST/CI API when retrieving details about an issue could have more information (line of code vulnerable, description of the issue, teams responsible, etc...).
However, despite those minor functionalities missing, the team at Aikido has been amazing at implementing new features in record time when we have identified gaps.
What problems is the product solving and how is that benefiting you?
Aikido is helping us with our application security program by assisting our developers in finding vulnerabilities in our code base and remediating them. The true power of Aikido lies in its ability to auto-ignore false positives and therefore save us time to focus on the real issues.
Aikido - Perfect security fit for any IT platform
What do you like best about the product?
The standout feature of Aikido Security for me is its ease of use. The platform's wide variety of compatibilities enables seamless integration into our technology stack with minimal effort, especially when compared to configuring multiple separate open-source solutions. I would also like to commend the exceptional support and guidance from their team. They truly understand our needs and we have seamlessly integrated their improvements into our agile workflow. Our weekly sprints have become more robust with their input, ensuring that our platform remains secure. Furthermore, Aikido encourages the adoption of security best practices, transforming it from merely a tool to a partner in our security strategy.
What do you dislike about the product?
My experience with Aikido Security has been predominantly positive.
What problems is the product solving and how is that benefiting you?
Aikido is key in refining our security management. It sharpens our focus on actual security threats, enabling us to tackle genuine vulnerabilities with precision. Furthermore, Aikido provides critical support as we navigate the complexities of achieving compliance with ISO 27001 and SOC 2, laying a solid foundation for robust information security practices.
Useful testing tool
What do you like best about the product?
Comprehensive tool! It scans code repositories and clouds, which allows you to gain insight into your application as a whole. The reports are very useful for less technical people as well.
What do you dislike about the product?
There are still some false positives, and I am missing a regex-based file filter to exclude tests, for example.
What problems is the product solving and how is that benefiting you?
Monitor the security of our applications.
Accessible & affordable security
What do you like best about the product?
Their transparency, ease of use, and they're improving their tool all the time.
Affordable price with stellar results. Typical competitors have steep pricing that scales with the number of repos / number of instances running.
Aikido helps us stay ahead of the curve. It educates us about possible liabilities, and it engages the whole engineering team.
What do you dislike about the product?
Nothing really, there can be minor UX quirks from time to time but nothing that diminishes its value.
Big fan and encourage any company (especially start-ups) to get this tool. It's a no-brainer to me.
What problems is the product solving and how is that benefiting you?
Staying ahead of security liabilities instead of being reactive.
It also educates us (the whole engineering team), so in a way they're making us better engineers as well.
You don't know you needed it, till you use it
What do you like best about the product?
As your team and the complexity of your app scale and change, you find yourself unable to maintain oversight of all the different security aspects of your codebase. Tools that you get from cloud providers and GitHub (bots) are powerful, but provide yet another signal of noise, are all distributed, and are each only relevant to a specific aspect of your application security. Other DIY tools to monitor specific aspects all take time to set up and maintain. Aikido is quickly set up and nicely packages up this information in a cohesive way, providing this and the tools to comb through them.
It's nice that it can also be run in CI, so that you can catch things early, and that it integrates nicely with Vanta to help in the efforts related to compliance.
There's a lot to like, the platform is still young, but Aikido is pushing out new features quite rapidly.
What do you dislike about the product?
It's already able to provide information and report on a lot of the more common security aspects, as well as IaC, CSPM, DAST, ... analysis. But it certainly does not give a complete overview yet. To get a more cohesive platform, it would be nice to also get more information into the security aspect of an active deployment rather than just the codebase and the images. The recently released DAST scans are already a good addition to that.
What problems is the product solving and how is that benefiting you?
Aikido helps us to stay on top of our security issues while eliminating some of the overhead of false positives. It also helped us and made it easy for us to become ISO 27001 compliant.
Easy setup, useful notifications
What do you like best about the product?
Aikido provides the easiest setup of any such tools that I have tested so far. I was using it with the GitLab integration and it recognized all of our repositories. The security warnings it provides are almost always correct, and invalid warnings can easily be muted and it learns from this. It even found issues that our previous software could not find.
What do you dislike about the product?
A few times it falsely reported test data as leaked credentials. To be fair though, the data indeed looked like that.
What problems is the product solving and how is that benefiting you?
Aikido ensures that our software is delivered with the latest security fixes and as free of potential security issues as possible. Hence, our developers need to spend less time working on tracking vulnerabilities in external (and internal) dependencies.
Out-of-the box instant security
What do you like best about the product?
Aikido Security is very easy to set up and delivers its first results in mere minutes. It combines all the essential security scanning such as repo scanning, cloud security, credential leakage, ... in one package that's easy to use by any development team.
What do you dislike about the product?
Initially we were missing some features and support for code languages. But since this is a product that is rapidly evolving, these were quickly added and since then we haven't had any real dislikes.
What problems is the product solving and how is that benefiting you?
Aikido provides an all-in-one security vulnerability scanner that offers a wide range of support for different security domains. This allows us to streamline our security process, discover and treat issues a lot faster, and gives us one overview of our security posture. It does all of this at a price setting that is affordable for SMBs while giving access to a lot of features that are most commonly found in enterprise plans.
Best developer-centric security platform
What do you like best about the product?
Aikido has been instrumental in keeping our application secure. The platform integrates smoothly with popular CI/CD pipelines and other security tools, facilitating a more streamlined vulnerability management process.
What do you dislike about the product?
The platform has great features and integrations. A deeper Slack integration with a weekly digest would be helpful.
What problems is the product solving and how is that benefiting you?
Aikido has helped us with managing vulnerabilities and keeping our codebase secure, so our developers can spend time in other areas and deliver value to our customers.
Aikido makes security accessible & easy
What do you like best about the product?
Aikido is primarily based on already available tools, making it feasible to replicate the basic technical functionalities it offers. This means they aren't introducing any novel security scanning features. They're also very open about this by providing some references to how and with which tool a certain finding was found.
For our specific use case, I believe Aikido's strength lies in other areas, mostly addressing false positives and providing an easy-to-use platform to have a full understanding of your security situation.
Addressing false positives is accomplished by considering factors such as the environment (dev/prod) and whether the vulnerable function or feature is present in your code base. If we were to develop our own security tools using CI/CD pipelines or something comparable, we'd be stuck with numerous false alerts each week, necessitating manual review.
As previously mentioned, replicating the basic technical features Aikido provides is possible. While it would be a resource-intensive and tedious task, it's certainly achievable (which we started doing at some point before we started using Aikido). However, one challenging aspect to replicate is the capability to integrate various security tools into a single platform/interface, catered to both management and technical personnel.
What do you dislike about the product?
We've only been using the tool for a couple of months so our experience is very limited but I do find myself going through the suppressed findings more often than I would like to admit to ensure it's not suppressing anything it shouldn't. So far, my findings here were limited.
Also, we run a heavy Java backend and the support there is still very limited. The team has let me know that they are already working on it so I'm curious how that will turn out.
We've also had some issues with their GitHub Action (timeouts mostly) and the team was very helpful in fixing these issues within a business day most of the time.
What problems is the product solving and how is that benefiting you?
The tool was initially implemented to meet some ISO standards. We already did some (manual) periodic scanning ourselves but Aikido was a great addition since it did the scanning automatically, more frequently and it would provide the necessary reporting to management and auditors.