Changelog

New product updates & features from the Aikido team.

AI Autofix for SAST & IaC released

Nov 08, 2024

Features

  • Autofix SAST: Now preview or auto-generate a pull request with code fixes for discovered SAST and IaC vulnerabilities

  • GDPR report: Generate reports for GDPR compliance

  • SAST for Elixir: You can now find code vulnerabilities in Elixir projects with Aikido SAST

  • Add local repos to workspace: You can now add your locally scanned repos to an existing workspace (Enabled by request)

Improvements

  • Status filter: Ability to filter issues on the main feed by item Status for improved task management

Vulnerability Database

Our research team has discovered over 61 new vulnerabilities over the last two weeks!

Release gating now supported by Aikido CLI

Oct 24, 2024

Features

  • CLI based release gating: Aikido CLI now supports release gating based on security checks

  • Enriched Pull Requests: More detailed PR decoration with Aikido Autofix for Bitbucket and GitLab

Improvements

  • Dashboard sidebar redesigned for improved user experience

  • End of Life issue detection support added for .NET projects

Vulnerability Database

Our research team has discovered over 32 new vulnerabilities including 8 Critical and 6 High over the last two weeks!

Improved compliance visibility with automated HITRUST reports

Oct 11, 2024

Features

Improvements

  • Feed: Option to filter issues by severity

  • Secret Scanning: Secrets scanning added for BitBucket pipelines

  • SCA:

  • End of Life (EOL): Support added for Azure AKS, AWS EKS and Kubernetes on GCP

  • User Settings

    • Admin users can now disable/enable auto onboarding in settings/users

    • Added toggles to control default permissions of new users

  • Integrations: Users can now see and enable extra unmapped SonarQube rules

  • Public API:

    • Support for (un)linking assets (repos, clouds,…) to a team

    • Support for obtaining counts for a single issue

    • Reachability status for single issue added

    • Support for creating custom SAST rules (detail, add, edit, delete) through API

In-app firewall now available for python

Sep 27, 2024

Features

  • In-app firewall Zen launched for Python: Zen now supports Python and is compatible with Django, Flask, Quart, and Starlette. It automatically blocks critical injection attacks, adds API rate limiting, and more.

  • Dependency Autofix PRs: Aikido can now automatically create daily pull requests for bulk dependency upgrades

  • Native Thoropass integration: Aikido can now automatically push compliance checks as evidence into Thoropass

Improvements

Vulnerability Database

Our research team has discovered over 28 new vulnerabilities over the last two weeks including 3 Critical and 3 High!

Generate HIPAA compliance reports from your Aikido Dashboard

Sep 13, 2024

Features

🚀 HIPAA reporting: You can now generate a HIPAA compliance report directly from the Aikido reports tab

🚀 CI Scan History: View the Pull Request history for CI scans in all your integrated CI clients

Improvements

  • Issues in Vanta now mapped to container images

  • Multiple tags and labels supported for Jira / Linear tickets

  • Compliance reporting is grouped per measure providing more visibility in overall compliance

Vulnerability Database

Our research team has discovered over 26 new vulnerabilities over the last two weeks!


Assign team responsibility based on repository paths

Aug 30, 2024

New Features

🚀 Path-based responsibility for teams within a repository.

Teams can separate responsibility within a code repo based on path allowing more control for mono-repos.

✅ Default CI configuration added for new repositories

Enable default CI configurations for all new repositories to prevent missed scans.

Improvements & bug fixes

  • Get firewall Slack notifications during attacks with Aikido's in-app firewall Zen.

  • Clojure was added to supported languages for SCA.

  • PR scan history included in scan history page for local scanning.

  • Team-only users now have access to stats in the feed and ignored pages.

Vulnerability Database

Our research team has discovered over 12 new vulnerabilities over the last two weeks!


Agentless Virtual Machine scanning in AWS & Vanta vulnerability page integration

Aug 16, 2024

New Features

🚀  Agentless Virtual Machine scanning in AWS (docs)
Aikido can now scan your AWS EC2 instances for vulnerabilities. We're stoked to be launching this new feature! Some competitors call this cloud workload protection (CWP), others "sidescanning". We decided to call it by what it is and actually does: agentless virtual machine scanning. Get coverage from code to cloud without any agents. Contact us if you'd like to have access to this feature.

🚀  Aikido is now integrated into Vanta’s Vulnerability Page (Vanta’s docs)
Vanta now pulls in Aikido’s vulnerabilities directly into their vulnerability page. This allows you to manage your SLAs for multiple security tools directly in Vanta. The page in Vanta provides a high-level overview of all the detected, remediated, or ignored vulnerabilities on all your servers and containers.

Improvements & bug fixes

  • Virtual Machine scanning: You can now set the purpose of the environment, so Aikido can better process results.

  • Firewall: You can now configure an IP allowlist on routes, this helps to ensure admin APIs are only accessible from your office or company VPN.

  • CI/CD Integration: We now display the CI scan history in the UI, so you can see which scans passed or failed & explore the details. (go to app)

  • Local Scanner: We now support image PR gating

  • Reporting: You can now check how you do on PCI compliance (check the report)

  • SAML: Aikido now auto-creates teams when there’s no teams configured yet

  • Autofix: We now support private nuget/NPM registries (docs)

  • You can now set your preferred scanning frequency (if you’re on a paid plan)

Vulnerability Database

Our research team has discovered over 20 new vulnerabilities over the last two weeks! (vulnerability database)


JetBrains IDE plugins & Access Controls for GitLab

Aug 02, 2024

New Features

🚀 JetBrains IDE plugins (docs / JetBrains Marketplace)
We’ve released our JetBrains IDE plugin. (Supporting GoLand, IntelliJ IDEA, PhpStorm, PyCharm, Rider, WebStorm) Scan your codebase for secrets, API keys and SAST code issues, while coding!

🚀 Access Controls for GitLab
Aikido can now check for critical access control issues. (Think of multi-factor authentication, restricting default access rights, requiring mandatory code reviews,...) This way, you can ensure that only authorized and verified changes are made to your codebase.

Improvements & bug fixes

  • Autofix: Now supports ruby on rails

  • Dependency scanning: Broader coverage for C++

  • Firewall (GitHub)

    • The firewall overview page has been redesigned

    • You can now manage the firewall app via API. Helpful when you have 100s of apps that you want to add!

    • You can now set your app’s environment (staging/dev/prod)

    • Firewall can now recognize and index GraphQL operations

  • SAML: You can now sync rights & teams directly to Aikido.

  • Local Scanner:

    • PR scanning support has arrived! You can now do both PR gating and release gating.

    • Support for lockfile-less C++ added

  • Domains (Dynamic testing): You can now edit linked assets (repo/container) while editing a domain.

  • Tines Marketplace Integration: We’ve created pre-built stories on the Tines marketplace, making integration with Tines dead simple.

Vulnerability Database

Our research team has discovered over 10 new vulnerabilities over the last two weeks! (check out our vulnerability database)


Sprinto integration & extended coverage for secret liveness detection

Jul 19, 2024

New Features

🚀 Sprinto integration (integration details)
Aikido now supports Sprinto, so you can automate your technical vulnerability management reporting.

🚀 Extended coverage for secret liveness detection (docs)
Aikido is now able to check for many different new types of secrets if they are live: Slack tokens, GitLab PAT, Hubspot tokens and many more...

Improvements & bug fixes

  • SBOMs: You can now also export your SBOM in SPDX format.

  • Firewall: We now support the Micro framework (see docs)

  • Issue types filters: It’s now possible to multi select filters. (in the feed and the ignored issues view)

  • Azure DevOps: You can now add trusted domains to allow auto-onboarding. (see docs)

Vulnerability Database

Our research team has discovered over 22 new vulnerabilities over the last two weeks! (check out our vulnerability database)


Secrets liveness detection, GitHub access control checks & Sprinto integration

Jul 07, 2024

New Features

🚀 Secrets liveness detection (docs)
Aikido now checks whether exposed secrets are still active and assesses their potential risk; the issue's severity is adjusted accordingly. (Think of GitHub access tokens, SendGrid tokens, Stripe tokens, Slack tokens, …) Aikido filters the noise in detected secrets even better than before!

🚀 GitHub access control checks (docs)
Aikido can now check for critical access control issues. (Think of multi-factor authentication, restricting default access rights, requiring mandatory code reviews,...) This way, you can ensure that only authorized and verified changes are made to your codebase.

Improvements & bug fixes

  • SLAs: Aikido can now automatically create tasks for issues that go out of SLA (ask us for access to this feature via in-app chat)

  • Firewall:

    • We added blocking/nonblocking mode in the UI

    • SSRF protection: blocks SSRF attacks by intercepting and validating requests to internal services.

  • Dependency scanning: Support for deno.lock (for JS) (check lockfile support in docs)

  • Feed: When you hover over the toggles you now get a detailed view on how Aikido has refined the findings.

  • SAML: We now support SAML via Google Workspace! (docs)

  • Jira integration: You’re now able to map severities to their corresponding priorities in Jira
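
The per-route IP allowlist for admin APIs (Aug 16 entry) and the SSRF protection above both come down to one decision: which addresses a request may come from, or go to. The following is an added example, not Aikido's or Zen's own code, that puts a single IPv4 CIDR matcher behind both checks. The route names, CIDR ranges and function names are hypothetical, the address ranges are the standard private, loopback, link-local and reserved blocks, and anything that is not a plain IPv4 address fails closed.

```javascript
// Added example (not Aikido's or Zen's own code): one small IPv4 CIDR matcher
// behind two checks this changelog mentions, a per-route allowlist for admin
// APIs and an SSRF destination check. All names and the sample config are
// hypothetical; IPv4 only, anything else fails closed.

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if not a plain IPv4.
function ipv4ToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True if ip lies inside cidr ("10.8.0.0/16"); a bare address means /32.
function inCidr(ip, cidr) {
  const [base, bitsStr = '32'] = cidr.split('/');
  const bits = Number(bitsStr);
  const ipN = ipv4ToInt(ip), baseN = ipv4ToInt(base);
  if (ipN === null || baseN === null || !(bits >= 0 && bits <= 32)) return false;
  if (bits === 0) return true; // JS shift counts are taken mod 32, so handle /0 explicitly
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return ((ipN & mask) >>> 0) === ((baseN & mask) >>> 0);
}

// --- Per-route allowlist (constructed sample: office range + VPN range) ---
const ROUTE_ALLOWLIST = {
  '/admin': ['203.0.113.0/24', '10.8.0.0/16'],
};

function routeAllowed(path, ip) {
  for (const [prefix, cidrs] of Object.entries(ROUTE_ALLOWLIST)) {
    if (path === prefix || path.startsWith(prefix + '/')) {
      return cidrs.some((c) => inCidr(ip, c));
    }
  }
  return true; // no allowlist configured for this route
}

// Express-style middleware. Take the address from the socket; only read
// X-Forwarded-For when a reverse proxy you control sets it, because any client
// can send that header and walk straight past the allowlist.
function adminAllowlist(req, res, next) {
  const ip = String(req.socket.remoteAddress || '').replace(/^::ffff:/, '');
  if (!routeAllowed(req.path, ip)) {
    res.statusCode = 403;
    return res.end('forbidden');
  }
  return next();
}

// --- SSRF destination check ---
// Ranges an outbound request from the app must never reach: RFC 1918, loopback,
// link-local (incl. cloud metadata 169.254.169.254), CGNAT, "this" network,
// multicast and reserved.
const INTERNAL_RANGES = [
  '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8',
  '169.254.0.0/16', '100.64.0.0/10', '0.0.0.0/8', '224.0.0.0/4', '240.0.0.0/4',
];

function isInternalAddress(ip) {
  if (ipv4ToInt(ip) === null) return true; // not plain IPv4 (e.g. IPv6): fail closed
  return INTERNAL_RANGES.some((r) => inCidr(ip, r));
}

// Validate an outbound URL against the addresses its hostname resolved to.
// Resolve once (e.g. dns.promises.lookup(host, { all: true })), pass the result
// here, then connect to one of the returned addresses rather than resolving
// again; otherwise a rebinding DNS answer can pass the check and then point at
// an internal host. WHATWG URL parsing already normalises tricks such as
// http://2130706433/ to 127.0.0.1, so the literal check below catches them.
function validateOutbound(urlString, resolvedAddresses) {
  let url;
  try { url = new URL(urlString); } catch { return { ok: false, reason: 'unparseable url' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  const host = url.hostname;
  if (host === 'localhost' || host.endsWith('.localhost') || host.includes(':')) {
    return { ok: false, reason: 'localhost or IPv6 literal' };
  }
  const addrs = ipv4ToInt(host) !== null ? [host] : (resolvedAddresses || []);
  if (addrs.length === 0) return { ok: false, reason: 'unresolved' };
  const bad = addrs.find(isInternalAddress);
  if (bad) return { ok: false, reason: `resolves to internal address ${bad}` };
  return { ok: true, addresses: addrs };
}
```

Two caveats matter in practice: the allowlist is only as good as the address it sees, so read X-Forwarded-For only behind a proxy you control; and the SSRF check has to run on the addresses the hostname actually resolved to, with the connection then made to one of those addresses, otherwise a DNS rebinding answer passes the check and the real connection goes somewhere else.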

Vulnerability Database


Rate limiting for Next.js & secret scanning in PRs

Jun 23, 2024

New Features

🚀 Firewall
We've added rate limiting for Next.js! Protect against excessive traffic & attacks by limiting the number of requests from a single source.
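
As an added illustration of what per-source rate limiting involves (not Aikido's or Zen's own code), here is a sliding-window limiter keyed by source address and route pattern, with wildcard route patterns. The policy, function names and the injected clock are hypothetical; the clock is injected so the window behaviour can be checked deterministically.

```javascript
// Added example (not Aikido's or Zen's own code): a sliding-window rate
// limiter keyed by source address and route pattern, with wildcard routes.
// The policy below is a constructed sample and the clock is injected so the
// behaviour can be checked deterministically.

// First matching policy wins, so list specific routes before wildcards.
const RATE_LIMITS = [
  { route: '/api/login', limit: 5, windowMs: 60_000 },   // brute-force surface
  { route: '/api/*', limit: 100, windowMs: 60_000 },     // everything else under /api
];

// "/api/*" matches "/api/users/42"; a trailing '*' matches the rest of the path.
function routeMatches(pattern, path) {
  if (!pattern.endsWith('*')) return pattern === path;
  return path.startsWith(pattern.slice(0, -1));
}

function createRateLimiter(policies, now = () => Date.now()) {
  const hits = new Map(); // "<route>|<source>" -> timestamps inside the window
  // (prune idle keys periodically in a real deployment, or memory grows per source)

  return function check(path, source) {
    const policy = policies.find((p) => routeMatches(p.route, path));
    if (!policy) return { allowed: true };
    const key = `${policy.route}|${source}`;
    const t = now();
    // Drop timestamps that have aged out of the window.
    const recent = (hits.get(key) || []).filter((ts) => t - ts < policy.windowMs);
    if (recent.length >= policy.limit) {
      hits.set(key, recent);
      return { allowed: false, retryAfterMs: policy.windowMs - (t - recent[0]) };
    }
    recent.push(t);
    hits.set(key, recent);
    return { allowed: true, remaining: policy.limit - recent.length };
  };
}

// Express-style middleware: 429 with Retry-After when the budget is exhausted.
// The source must be the real client address (socket, or X-Forwarded-For only
// when a proxy you control sets it); otherwise one attacker can spoof many
// sources, or one proxy gets counted as all of its users. State lives in this
// process, so with several instances behind a balancer keep it in a shared store.
function rateLimitMiddleware(check) {
  return function (req, res, next) {
    const source = String(req.socket.remoteAddress || '').replace(/^::ffff:/, '');
    const result = check(req.path, source);
    if (!result.allowed) {
      res.statusCode = 429;
      res.setHeader('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));
      return res.end('too many requests');
    }
    return next();
  };
}
```

A sliding window stores one timestamp per request, which is exact but costs memory proportional to the limit; a token bucket is the usual cheaper alternative when limits are high.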

🚀 Detect secrets in PRs (GitHub checks & Azure Checks)
Enable Aikido's CI Gating for GitHub checks or Azure checks to detect secrets in PRs. Make sure no secrets get pushed live.

Improvements & bug fixes

  • CI Gating - GitHub checks & Azure Checks: Snooze/unsnooze results in PR becoming green/red instantly

  • Container image scanning: Nexus container registry is now supported (docs)

  • Autofix:

    • Support added for autofixing Java dependencies (docs)

    • GitHub autofix: We now autoclose old PRs when new ones are created for the same lockfile

  • Dependency scanning: Support for Conda requirements.yml (Python)

  • SAML: 3-legged OAuth2 flow support added (see API docs)

Vulnerability Database

Our research team has discovered over 14 new vulnerabilities over the last two weeks! (check out our vulnerability database)


Authorized DAST, GitLab Self-Managed Issues & SAML support

Jun 09, 2024

Features

🚀 Authorized DAST launched
You can now check if logged in users could break your application or access sensitive data. (docs)

🚀 GitLab Self-Managed Issues
You can now create issues in your GitLab server, directly from Aikido.

🚀 SAML support
Single sign-on (SSO) via identity providers such as Okta is now supported. (docs)


Improvements

  • Local scanner v1.0.2:

    • Yarn lockfiles using package manager specs in their versions are now supported

    • There’s a new --exclude option, so you can exclude certain paths from being scanned.

    • Secret detection is now supported

  • Firewall:

    • Now compatible with Next.js

    • Rate limiting by API route possible in the Aikido UI

    • Rate limiting for wildcards now available

  • Dev dependencies support for JS & Python (Contact us to enable this feature)

  • Autofix: We now support .NET

  • Trends over time: New graph added: “New & Handled Issues”, see how many issues were handled (solved/ignored). (check it out in-app)

  • Azure DevOps: Multi-branch scanning is now available

  • Azure Pipelines CI: PR checks now possible (docs)

  • Public API: You can now also delete teams (docs)

  • User management: You can now invite users to join a workspace via Gmail, Microsoft Login or Personal GitHub accounts (docs)


Bulk autofix, GitHub PR checks & Wordpress vulnerability detection

May 26, 2024

New features

🚀 Bulk autofix
It’s now possible to fix vulnerabilities by upgrading dependencies, in bulk. (check it out in-app)

🚀 GitHub PR Checks
You can now configure PR checks directly in Aikido, no code needed. Configure repos in bulk, roll them out automatically and save costs (CI minutes) too! (go to docs)

🚀 WordPress vulnerability detection
Aikido now detects vulnerabilities inside of your WordPress instance & its plugins! We’re using Wordfence’s database (a vulnerability feed that Trivy doesn’t support natively) under the hood. 🙏


Improvements & bug fixes

  • Visual Studio Code IDE integration: You can now report false positives & false negatives (undetected issues) to Aikido, straight from your IDE! (check out the plugin)

  • Aikido Vulnerability Database: We gave the website a small facelift 😉

  • Public API: Single issue detail now exposes more issue type specific fields. Giving you more detail when needed! (go to docs)

  • Public API: You can now adjust issue severity, listing of users in a team and snooze/ignore single issues

  • Aikido Firewall: You can now identify users and block them when you notice suspicious behavior.

  • Azure Boards: You can now specify the work item in which an issue should be created.

  • Azure Boards: You can now assign tickets to specific Azure Boards teams, directly in Aikido.

  • Azure DevOps: Autofix support has arrived! (go to docs)


IDE plugin, Asana support & a new help center

May 12, 2024

New features

🚀 IDE Plugin for Visual Studio Code
We’ve launched the first version of our IDE plugin! Now you can help your developers spot vulnerabilities early & fix them before they commit. (integration details)

🚀 Asana
Using Asana for coordinating your team’s tasks? Time to connect it to Aikido! (integration details)

🚀 Help center platform update:
We now run on Outverse instead of Intercom. Much easier to navigate, more developer friendly, and a search that works very well. And also, dark mode. 🌓


Improvements & bug fixes

  • Licenses report: We’ve launched multi-select filters (languages, repos, containers) that allow you to filter and drill down to the level of detail you’d like to see. These filters work for exports too! (check it out in-app)

  • Linear integration: You can now indicate which labels should be added to issues by default.

  • Linear integration: Aikido severities are now mapped to Linear issue priorities.

  • ClickUp integration: Aikido severities are now mapped to ClickUp task priorities

  • Aikido Local Scanner: Repo gating is now possible for the Aikido local scanner! (check the docs)

  • Teams: You can now link teams directly to containers instead of working around it via repos.

  • User Access Rights: Team only users can now resolve and unresolve secrets


Task manager improvements

Apr 28, 2024

New features

🚀 Task manager integrations improvements:

  • You can now link existing Jira Data Center issues or GitHub issues to Aikido issues.

  • When sending an issue to Jira, we now share more detailed information about the filename in the description.


Improvements & bug fixes

  • License reports: We’ve added a team and license type filter to our license reports!

  • Onboarding: We’ve improved the user interface for repo selection during onboarding. Making onboarding even faster.

  • Aikido Firewall: You can now see a list of all outbound domains and API endpoints.

  • Slack integration: We now post the issue type to slack as well.

  • Local scanner: We’ve added release gating. Set it up by configuring the container image scanner to ‘fail on’ the severity level of your choice (read the docs)

  • Surface monitoring (DAST): You can now choose to scan daily/weekly or on-demand for Nuclei domains.

  • Container image scanning: You can now configure multi-tag container scanning for public images


Firewall for Node.js, bun lockfile support

Apr 14, 2024

New features

🚀 Web Application Firewall for Node.js
We’ve launched the first version of our runtime protection solution. It’s an “embedded WAF”: with one line of extra code and no additional dependencies, Aikido Firewall becomes your in-server application firewall, monitoring SQL/NoSQL queries to prevent common and critical injection and prototype pollution attacks, without requiring your intervention. (go to github repo)
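
The paragraph above names injection and prototype pollution without showing what the vulnerable code looks like. As an added example, not Aikido Firewall's own code, the block below pairs a naive JSON merge (pollutable through a "__proto__" key) with a hardened one, and a login filter that passes an operator object straight into a NoSQL query with one that rejects it. All function names and payloads are constructed for illustration.

```javascript
// Added example (not Aikido Firewall/Zen's own code): two of the attack
// classes the paragraph names, prototype pollution and NoSQL operator
// injection, each as the vulnerable pattern next to a hardened version.
// Function names and the sample payloads are constructed for illustration.

// --- 1. Prototype pollution through a naive recursive merge of untrusted JSON ---
// JSON.parse('{"__proto__": {...}}') yields an OWN property named "__proto__",
// so Object.keys() returns it, and target["__proto__"] then resolves to
// Object.prototype: the recursion writes attacker keys onto every object.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (source[key] && typeof source[key] === 'object') {
      if (!target[key]) target[key] = {};
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened: skip the keys that can reach a prototype, only recurse into
// properties the target actually owns, and never treat arrays as plain objects.
// (Object.freeze(Object.prototype) at startup is a further backstop, at the
// cost of breaking libraries that legitimately extend prototypes.)
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // or throw, to surface the attempt
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key)
        && typeof target[key] === 'object' && target[key] !== null;
      if (!own) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// --- 2. NoSQL operator injection ---
// With a body parser that accepts nested JSON, {"username":"admin","password":{"$gt":""}}
// turns the intended equality on password into "password > ''", which matches
// any stored value, once the body is dropped straight into a MongoDB-style filter.
function unsafeLoginFilter(body) {
  return { username: body.username, password: body.password };
}

// True if any key anywhere in the user-supplied document looks like an operator
// ('$' prefix) or a path into a subdocument ('.' in the key).
function containsOperator(value) {
  if (Array.isArray(value)) return value.some(containsOperator);
  if (value && typeof value === 'object') {
    return Object.keys(value).some(
      (k) => k.startsWith('$') || k.includes('.') || containsOperator(value[k]),
    );
  }
  return false;
}

// Hardened: reject operator-shaped input outright and require scalar strings
// for the fields that go into the filter.
function safeLoginFilter(body) {
  if (containsOperator(body)) throw new Error('rejected: operator injection in request body');
  if (typeof body.username !== 'string' || typeof body.password !== 'string') {
    throw new Error('rejected: credentials must be strings');
  }
  return { username: body.username, password: body.password };
}
```

Both fixes are the kind of check a runtime firewall can apply generically, before the request body ever reaches a merge or a query: the attack shape lives in the input, not in the application logic.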

🚀 Bun lockfile support
Aikido now detects CVEs and licenses in your Bun lockfiles. Aikido is one of the only security platforms with this feature! (check out lockfile support)


Improvements & bug fixes

  • Task tracker integrations: You can now unlink issues

  • Task tracker integrations: Manage the default label in Jira Cloud & Jira on-prem

  • Public API: You can now snooze an issue, ignore an issue and detect failed CI gating

  • GitHub actions: Aikido can now post SAST review comments inline

  • Local Scanner: The Aikido local scanner can now scan your container images as well!

  • Local Scanner: Support for .jar files added

  • Infrastructure as Code (IaC): We added support for Ansible

  • Container Image Scanner: Support for scanning public AWS ECR images