Big news! DevSecOps, EU-based company @Aikido Security just announced a $60M Series B at a $1B valuation.
@madelinelawren wrote in their blog announcement:
Today, Aikido is used by 100,000+ teams globally, including customers like the Premier League, SoundCloud, Niantic, and Revolut. Over the past year, we grew revenue 5x and more than tripled our customer base. (...)
The next chapter is about self-securing software. Not security as a reactive activity with dashboards and manual weeks-long testing. Rather, software that can secure itself on demand.
SeekWell
Why bother with container scanning if I'm already scanning my code?
Aikido Security
@ruben_camerlynck Code scanning covers your app, but container scanning covers the environment it runs in. It finds vulnerabilities in the OS packages, web servers, or other components of your image. A secure app can still be compromised if the base image has a flaw.
Paraflow
How does Aikido's SCA compare to tools like Snyk for dependency scanning?
Paraflow
What if the scanner flags an intended config or a false positive?
Aikido Security
@pulin_yuuu You can mark findings as "ignored," "accepted risk," or "false positive." Aikido is built to be flexible and avoid blocking your workflows for intended configurations.
Can I integrate SCA into my CI/CD pipeline for automated scanning?
Aikido Security
@tdevcoast Yes, absolutely. Aikido's SCA hooks right into your CI/CD pipeline, so every build or pull request is automatically scanned. This means new vulnerable dependencies get caught and reported before they ever hit production.
Trace
How do you ensure our code and data are secure when we connect our repositories to Aikido?
Aikido Security
@stepcha_cherkasov We take security very seriously. We only request read-only access to your repos, and every scan runs in a separate, isolated, and temporary container that is automatically deleted after the analysis is complete. Your data is not stored or shared.
Trace
How does Aikido’s container scanner work? Does it check OS packages?
Aikido Security
@arthur_romanov Yes, it checks everything inside your container images. It inventories all packages and components and cross-references them against vulnerability databases. If there's a known CVE or an outdated library, Aikido will find it and alert you.
How do I integrate container scanning into my CI/CD pipeline?
Aikido Security
@andrei_i It's easy. You can embed an Aikido scan as a step in your CI/CD pipeline (e.g., GitHub Actions or Jenkins). This means the scan runs automatically after you build an image, catching issues before they ever get to production.