Device Protection & Netskope

This guide explains how to configure your Netskope Steering Configuration so that Aikido Device Protection works reliably alongside Netskope.

Why This Is Needed

Device Protection inspects and protects software supply chain traffic, the connections your developers make to package registries (npm, PyPI, Maven, NuGet, Go) and developer tool marketplaces (Visual Studio, Cursor, Chrome Web Store), as well as Aikido's own protection services.

When both a corporate VPN/ZTNA and Aikido Device Protection attempt to steer or inspect the same traffic, the two can conflict, leading to unreliable behavior. To avoid this, you should configure VPN/ZTNA to bypass (exclude) the domains that Device Protection handles.

Steps

1. Log in to the Netskope Admin Console.

2. Navigate to Settings → Security Cloud Platform → Steering Configuration.

3. Click the 3 dots for settings on the relevant Steering Configuration (Config) profile you want to modify. Open Edit Configuration → Traffic Steering and make sure "Bypass exception traffic at:" is set to Client.

4. After you've checked this, enter the profile.

5. Open the Exceptions tab.

6. Click New Exception → Domains.

7. Enter the domains listed below (one per line, or as supported by your version of the interface).

8. Save the configuration. Changes typically propagate in 1 hour.

Domains to Exclude

These are the domains Aikido Device Protection intercepts. The list contains package registries, developer tool marketplaces, and Aikido's own protection endpoints.