Reviews from AWS Marketplace
0 AWS reviews
External reviews
External reviews are not included in the AWS star rating for the product.
Accessible & affordable security
What do you like best about the product?
Their transparency, ease of use, they're improving their tool all the time.
Affordable price with stellar results. Typical competitors have steep pricing that scales with the number of repos / number of instances running.
Aikido helps us stay ahead of the curve. It educates us about possible liabilities, and it engages the whole engineering team.
What do you dislike about the product?
Nothing really, there can be minor UX quirks from time to time but nothing that diminishes its value.
Big fan and encourage any company (especially start-ups) to get this tool. It's a no-brainer to me
What problems is the product solving and how is that benefiting you?
Staying ahead of security liabilities instead of being reactive.
It also educates us (the whole engineering team) so in a way they're making us better engineers as well
You don't know you needed it, till you use it
What do you like best about the product?
As your team, and the complexity of your app scales and changes, you find yourself not able to maintain oversight into all the different security aspects of your codebase. Tools that you get from Cloud providers and GitHub (bots) are powerful, but provide yet another signal of noise, are all distributed and all only are relevant to a specific aspect of your application security. Other DIY tools to monitor specific aspects all take time to set up and maintain. Aikido is quickly set up and nicely packages up this information in a cohesive way, providing this and the tools to comb through them.
It's nice that it can also be run in CI, so that you can catch things early and integrates nicely with Vanta to help in the efforts related to compliancy.
There's a lot to like, the platform is still young, but Aikido is pushing out new features quite rapidly.
What do you dislike about the product?
It's already able to provide information and report on a lot of the more common security aspects, as well as IaC, CSPM, DAST,... analysis. But it certainly does not give a complete overview yet. To get a more cohesive platform, it would be nice to also get more information into the security aspect of an active deployment rather than just the codebase and the images. The recently released DAST scans are already a good addition to that.
What problems is the product solving and how is that benefiting you?
Aikido helps us to stay on top of our security issues while eliminating some of the overhead of false positives. It also helps us and made it easy for us to become ISO27001 compliant.
Easy setup, useful notifications
What do you like best about the product?
Aikido provides the easiest setup of any such tool that I have tested so far. I was using it with the GitLab integration and it recognized all of our repositories. The security warnings it provides are almost always correct and invalid warnings can easily be muted and it learns from this. It even found issues that our previous software could not find.
What do you dislike about the product?
A few times it falsely reported test data as leaked credentials. To be fair though, the data indeed looked like that.
What problems is the product solving and how is that benefiting you?
Aikido ensures that our software is delivered with the latest security fixes and as free of potential security issues as possible. Hence, our developers need to spend less time working on tracking vulnerabilities in external (and internal) dependencies.
Out-of-the box instant security
What do you like best about the product?
Aikido Security is very easy to set up and delivers its first results in mere minutes. It combines all the essential security scanning such as repo scanning, cloud security, credential leakage, ... in one package that's easy to use by any development team.
What do you dislike about the product?
Initially we were missing some features and support for code languages. But since this is a product that is rapidly evolving, these were quickly added and since then we haven't had any real dislikes.
What problems is the product solving and how is that benefiting you?
Aikido provides an all-in-one security vulnerability scanner that offers a wide range of support for different security domains. This allows us to streamline our security process, discover and treat issues a lot faster and gives us one overview of our security posture. It does all of this at a price setting that is affordable for SMBs while giving access to a lot of features that are most commonly found in enterprise plans.
Best developer-centric security platform
What do you like best about the product?
Aikido has been instrumental in keeping our application secure. The platform integrates smoothly with popular CI/CD pipelines and other security tools, facilitating a more streamlined vulnerability management process.
What do you dislike about the product?
The platform has great features and integrations. A deeper Slack integration with a weekly digest would be helpful.
What problems is the product solving and how is that benefiting you?
Aikido has helped us with managing vulnerabilities and keeping our codebase secure, so our developers can spend time in other areas and deliver value to our customers.
Aikido makes security accessible & easy
What do you like best about the product?
Aikido is primarily based on already available tools, making it feasible to replicate the basic technical functionalities it offers. This means they aren't introducing any novel security scanning features. They're also very open about this by providing some references to how and with which tool a certain finding was found.
For our specific use case, I believe Aikido's strength lies in other areas, mostly addressing false positives and providing an easy to use platform to have a full understanding of your security situation.
Addressing false positives is accomplished by considering factors such as the environment (dev/prod) and whether the vulnerable function or feature is present in your code base. If we were to develop our own security tools using CI/CD pipelines or something comparable, we'd be stuck with numerous false alerts each week, necessitating manual review.
As previously mentioned, replicating the basic technical features Aikido provides is possible. While it would be a resource-intensive and tedious task, it's certainly achievable (which we started doing at some point before we started using Aikido). However, one challenging aspect to replicate is the capability to integrate various security tools into a single platform/interface, catered to both management and technical personnel.
What do you dislike about the product?
We've only been using the tool for a couple of months so our experience is very limited but I do find myself going through the suppressed findings more often than I would like to admit to ensure it's not suppressing anything it shouldn't. So far, my findings here were limited.
Also, we run a heavy Java backend and the support there is still very limited. The team has let me know that they are already working on it so I'm curious how that will turn out.
We've also had some issues with their GitHub Action (timeouts mostly) and the team was very helpful in fixing these issues within a business day most of the time.
What problems is the product solving and how is that benefiting you?
The tool was initially implemented to meet some ISO standards. We already did some (manual) periodic scanning ourselves but Aikido was a great addition since it did the scanning automatically, more frequently and it would provide the necessary reporting to management and auditors.
Aikido is on a promising trajectory and leaves me optimistic about its future.
What do you like best about the product?
In an age where security vulnerabilities are rampant, it's crucial to equip your software development lifecycle with a comprehensive set of tools that can cover every aspect of security. Recently, I had the opportunity to try Aikido, which brings together a multitude of features under one roof.
As a user of this security tool, I've found the Open Source Dependency Scanning (SCA), Static Code Analysis, Open Source License Scanning, and Malware Detection in Dependencies to be an integral part of my development workflow. The SCA keeps me worry-free about vulnerabilities, and I love how the Static Code Analysis catches issues before they even reach the main code. The license scanning has saved me a lot of headaches, letting me know if there are any hidden dangers in the licenses I'm using. And the Malware Detection? It’s like having a silent guardian watching over my code, ensuring nothing malicious sneaks in.
All these features feel well-thought-out and designed with a developer like me in mind. It's not just about security; it's about peace of mind, knowing that my work is safe and sound. It's been a great experience, and I wouldn't want to code without these tools by my side.
What do you dislike about the product?
It's clear that the tool is on a promising trajectory, and I'm genuinely excited about what's to come. The information provided about detected issues is precise and insightful, making me feel secure in those areas. However, I sometimes wonder if there might be hidden issues not yet brought to light. Despite this concern, I have confidence in the team behind the tool, and I firmly believe that any potential gaps will be addressed in future updates. I'm keeping a close eye on its progress and remain optimistic that this tool will continue to evolve into an even more essential part of my security toolkit.
What problems is the product solving and how is that benefiting you?
As a developer, Aikido has been instrumental in transforming the way I handle third-party code within our projects. With an ever-present need to comply with ISO certification requirements, the tool's capabilities in detecting and reporting vulnerabilities in third-party code have been nothing short of a lifeline.
Before Aikido, the process was time-consuming and labor-intensive, requiring meticulous manual checks that were prone to human error.
Now, Aikido takes care of this critical aspect with efficiency and precision, allowing me to focus on what I do best: creating and innovating.
The tool not only ensures that our code adheres to the stringent standards required for ISO certification but also saves an enormous amount of time that was once spent in the cumbersome process of vulnerability detection.
It's a game-changer in our workflow, delivering both compliance and convenience.
A developer first security platform that enables your business
What do you like best about the product?
Our teams have been able to quickly deploy and get value out of Aikido where our previous solution was noisy and cumbersome. The fact that we get all the code coverage we need with SAST+, SCA, IaC, Secrets Detection, Licensing, etc. all in one product is amazing and makes it easy for our engineering teams to see problem areas and fix them quickly. The other major feature of auto-triage has been such a time saver for our teams, telling us if we are actually using those libraries or certain modules in libraries and excluding them if they aren't relevant is so huge for us. This enables our business to focus on fixing critical issues, ignoring irrelevant ones and delivering product to our customers.
Lastly I'd just call out the speed of development/features we are seeing in Aikido. The team fixes bugs quickly, is executing on their roadmap and they are always open to feedback.
What do you dislike about the product?
Aikido is still very new in the space so they don't have some more of the advanced reporting features that more mature products currently have. We have been giving feedback in this space and are excited with what they have coming down the pipe.
What problems is the product solving and how is that benefiting you?
We are a HITRUST compliant organization so we need to meet stringent controls around our SDLC including SAST, Secrets, SCA, etc. Aikido helps us meet all of those controls we have around code in a single platform that is simplistic for our teams to use.
Direct Insights on Vulnerability Management
What do you like best about the product?
Aikido Security stands out for its ability to deliver comprehensive, actionable security insights in a user-friendly manner. I was impressed with how quickly and seamlessly it could integrate into existing BitBucket, GitLab and GitHub repositories, and the simplicity of connecting our cloud environment (Google Cloud in this case) was commendable. One of the strongest points about Aikido is its ability to cut through the noise and deliver important, actionable vulnerabilities instead of flooding you with trivial issues or false positives.
What do you dislike about the product?
While Aikido performs impressively, there's some room for improvement, particularly in detailing their reports. For instance, pointing out specifics in the case of large cloud infrastructures would be very helpful.
What problems is the product solving and how is that benefiting you?
The broad range of checks that Aikido covers, from package vulnerabilities and committed secrets to security headers and vulnerable libraries, truly sets it apart from its competitors. Moreover, the platform's cloud scanning is extremely useful and gives you confidence that you're not overlooking any security missteps when setting up infrastructure or doing maintenance.
Aikido also offers code and cloud security in one tool, which was a game changer for us, eliminating the need for multiple tools. The automated reporting is another powerful feature that helps with ISO27001, SOC2 certification, making it a value-added component in our security toolkit.
I love that Aikido makes IT security more accessible
What do you like best about the product?
Knowing how well your software is secured has not always been easy in the past, but Aikido solves this in a very accessible way.
What do you dislike about the product?
I would find it convenient should the tool not only scan the code, but also monitor live whether certain endpoints are being abused.
What problems is the product solving and how is that benefiting you?
Aikido immediately looks at all the packages you are using and considers whether certain packages are no longer safe to use or have security breaches.