# Aikido Security

> Aikido is an all-in-one application security platform that scans code, cloud, and runtime environments to find and automatically fix vulnerabilities with AI-powered tools.

Aikido Security is a unified application security platform that consolidates code scanning, cloud posture management, runtime protection, and AI-powered penetration testing into a single system. It connects code, cloud, and runtime data to provide contextual vulnerability prioritization, dramatically reducing alert noise so development and security teams can focus on what actually matters. Aikido integrates directly into existing developer workflows — IDEs, CI/CD pipelines, Git systems, and task managers — and generates automated pull requests to fix confirmed issues. The platform is trusted by 50,000+ organizations and is SOC 2 Type II and ISO 27001:2022 certified.

- **Open Source Dependency Scanning (SCA):** *Connect your repositories and Aikido continuously monitors dependencies for known CVEs, malware, and license risks, with reachability analysis to filter false positives.*
- **Static Code Analysis (SAST & AI SAST):** *Scans source code for security vulnerabilities before merging, with IDE notifications and AI-generated AutoFix pull requests.*
- **Cloud Posture Management (CSPM):** *Detects misconfigurations, attack paths, and risks across AWS, GCP, and Azure, including virtual machines and container images.*
- **Infrastructure as Code Scanning (IaC):** *Scans Terraform, CloudFormation, and Kubernetes configurations for misconfigurations with one-click AutoFix.*
- **Dynamic Testing (DAST) & API Scanning:** *Dynamically tests web apps and APIs for vulnerabilities through simulated attacks, including authenticated scans.*
- **Secrets Detection:** *Checks code and CI/CD pipelines for leaked API keys, passwords, and certificates, with liveness detection.*
- **Malware Detection:** *Prevents malicious packages from infiltrating the software supply chain, powered by Aikido Intel.*
- **AI Pentesting:** *Deploys 200+ AI agents to run audit-grade penetration tests in hours, covering injection flaws, access control, authentication, and business logic issues.*
- **Runtime Protection (Zen):** *In-app firewall that blocks SQL injections, prompt injections, bot traffic, and zero-day threats at runtime for Node.js, Python, PHP, .NET, and Java.*
- **AutoFix & Bulk Fix:** *Generates reviewable pull requests to fix issues across code, dependencies, IaC, and containers; supports bulk fixing multiple related alerts at once.*
- **AutoTriage:** *Evaluates alerts in the context of your environment and deprioritizes issues that pose no real risk, reducing noise by up to 95%.*
- **Compliance Support:** *Generates SBOMs (CycloneDX, SPDX, CSV), compliance reports, and audit-ready pentest reports for SOC 2, ISO 27001, and more.*

## Features

- Open Source Dependency Scanning (SCA)
- Static Code Analysis (SAST)
- AI SAST with AutoFix
- Cloud Posture Management (CSPM)
- Infrastructure as Code Scanning (IaC)
- Dynamic Application Security Testing (DAST)
- API Scanning
- Secrets Detection
- Malware Detection in Dependencies
- Container Image Scanning
- Virtual Machine Scanning
- Kubernetes Runtime Security
- Runtime Protection (Zen in-app firewall)
- AI Pentesting with 200+ agents
- Continuous Pentests
- Bug Bounty Validation
- AutoTriage (noise reduction)
- AutoFix pull request generation
- Bulk AutoFix
- SBOM Generation (CycloneDX, SPDX, CSV)
- Open Source License Scanning
- Outdated Software Detection
- Attack Surface Monitoring
- On-Prem / Local Scanning
- Hardened Container Images
- Reachability Analysis
- EPSS-based Prioritization
- CI/CD Gating & PR Decorations
- SSO (SAML)
- Webhooks & Public REST API
- Compliance Reports (SOC 2, ISO 27001)
- Multi-Tenant Portal
- Audit Log
- SLA Management
- Custom SAST Rules
- AI Code Quality Review

## Integrations

GitHub, GitLab, Bitbucket, VS Code, JetBrains IDEs, Jira, Linear, Asana, ClickUp, Monday.com, YouTrack, Azure Pipelines, Azure DevOps, Slack, Microsoft Teams, Vanta, Drata, AWS, Google Cloud, Azure, Docker, Kubernetes, Terraform, CloudFormation, Tines

## Platforms

LINUX, WEB, API, VSC_EXTENSION, JETBRAINS_PLUGIN, CLI

## Pricing

Freemium — Free tier available with paid upgrades

## Links

- Website: https://www.aikido.dev
- Documentation: https://help.aikido.dev/
- Repository: https://github.com/opengrep/opengrep
- EveryDev.ai: https://www.everydev.ai/tools/aikido-security