Aikido Security Reviews

Summary: Very useful application to improve security and compliance, including ISO27001 and others. Good value for money with high engagement from the whole engineering team

Positive: Fantastic support and onboarding process - can speak to someone quickly
Very easy to set-up
Very easy to use and integrate into existing dev cycle
and benefits seen in minutes

Negative: Nothing so far. Ideally would like to see more bands in pricing as the team grows

Summary: Aikido is a no-brainer for any company running business critical software

It keeps you and your business safe, enables developers to be aware of security concerns and is often turned into a learning opportunity

Positive: Instant insights into vulnerabilities
CI/CD ensures vulnerabilities get noticed before merging to production
Autofix is very accurate and saves time
Being able to manage SLA’s
Vanta integration for compliance is easy of mind

Negative: I wish Aikido would solve security issues before I review them. But I’m sure they will cover this in future updates

Summary: Aikido's platform is fantastic and continues to get better every day. Usually, working with security tools is a painful experience but we have been happy with everything so far and found it much easier to use than other tools we've tried in the past. On the rare occasion that we run into issues, they have been quick to help troubleshoot and even push out updates and fixes. Thank you!

Positive: Aikido is a security tool for engineers, built by engineers. It's comprehensive but simple to use. The integrations are easy to set up and are very effective. Aikido does a great job categorizing the severity of issues, explaining the cause of the issue, and how to fix it. The CICD gates are incredibly helpful and effective at preventing new issues from being introduced, while the autofix tool has been useful for cleaning up existing issues.

Negative: The autofix tool is great, but it doesn't update the changelog or the app version so it does require someone to follow up with an additional commit, but it's still incredibly helpful!

Summary: Aikido is a lightweight, effective security tool that prioritizes real risks and fits perfectly into modern dev workflows.

Positive: Really easy integration, nice and clean UI, developer-friendly, low false positives, strong GitHub support.

Negative: None so far, still evaluating and testing other functionalities.

Summary: Once upon a time, in a Galaxy far, far away (Belgium), a company decided that security should be much easier for every company available. Where there was a struggle of different open-source tools to achieve different security goals, Aikido decided to unify them all into what can only be described as an easy-to-use and all-in-one security platform.

All kidding aside, our overall experience with Aikido has been great. Where we used to have open-source tools being managed by ourselves and kind of put together using all kinds of different tools (mostly CI/CD pipelines) or even spent time to manual generate reports, we now have an easy-to-use platform that every user can access and get insights into what security issues are plaguing our repositories, or what newly discovered CVE's popped up in one of our dependencies. The Aikido team is always ready to help you with their top-notch support.

It doesn't matter if you're a startup, governmental organisation, or a large enterprise, security should be a top priority. We chose Aikido to simplify our current setup at the time and are happy that we did so, as it has already saved us time and effort.

Positive: The ease of use.
The filtered overview that makes you focus on the issues that matter.
Integration with Github Actions.
The all-in-one aspect of it (Aikido offers a lot of different features).
Autofix functionality (automatically creating PRs containing security fixes).
Insights into actual security issues within the platform (background information on CVE, best practices, or actual misconfiguration).

Negative: There were not many things, but from the overview pages (like the overview of containers or the home feed), it was sometimes hard to tell what was scanned in terms of branches, container versions, etc. (at least in the beginning). This, however, was just a matter of diving into the actual scan result, and you could easily see what was exactly scanned (which branch, container version). You'll quickly learn that default branches and most recent container tags are often the scanned objects.