# #36 - Supply chain protection, Enterprise Code Quality, and Stronger secrets detection

### Features

* **Prevent malware with Aikido Safe Chain**: Protect yourself from [JavaScript supply chain disasters](https://www.aikido.dev/blog/we-got-lucky-the-supply-chain-disaster-that-almost-happened) with [Aikido’s package manager protection](https://help.aikido.dev/code-scanning/aikido-malware-scanning). Block malware before it reaches your machine, powered by the Aikido Intel threat feed.
* [**Code Quality**](https://help.aikido.dev/code-quality/code-quality-overview) **for COBOL, Visual Basic, ABAP and Pascal:** Aikido now flags COBOL paragraphs that sprawl without structure, ABAP custom code that bypasses naming standards, deeply nested Pascal logic and other common code quality mistakes, helping you reduce long-term maintenance and security risks.
* [**Secrets Detection Upgrade**](https://help.aikido.dev/code-scanning/scanning-practices/live-secret-detection): Aikido’s secret scanning is now far more accurate, with fewer false positives and fewer false negatives. Check out [our blog post for a deep dive into how our detection works](https://www.aikido.dev/blog/secrets-detection-what-to-look-for-when-choosing-a-tool).

### **Aikido Intel - Malware & Vulnerability Database**

Our research team has discovered over [48 new vulnerabilities](https://intel.aikido.dev) in the last two weeks! This was a busy month for npm attacks. Aikido Intel discovered the [chalk/debug attack (the largest in history)](https://www.aikido.dev/blog/we-got-lucky-the-supply-chain-disaster-that-almost-happened), the [Shai-Hulud attack (breakdown here)](https://www.aikido.dev/blog/bugs-in-shai-hulud-debugging-the-desert), and the [S2ngularity NX campaign](https://www.aikido.dev/blog/s1ngularity-nx-attackers-strike-again) from the same threat actor.

### Improvements

* Cloud - Added Azure GovCloud support
* Domains & APIs - [Exclude and add additional subdomains from Attack Surface scanning](https://help.aikido.dev/dast-surface-monitoring/attack-surface-scanning/add-or-ignore-subdomains-in-attack-surface)
* Domains & APIs - [It’s now possible to review leaked passwords](https://help.aikido.dev/dast-surface-monitoring/attack-surface-scanning/reviewed-leaked-credentials-and-passwords)
* Zen Firewall - Agent releases for [Dotnet](https://github.com/AikidoSec/firewall-dotnet/releases), [Java](https://github.com/AikidoSec/firewall-java/releases), [Python](https://github.com/AikidoSec/firewall-python/releases), [PHP](https://github.com/AikidoSec/firewall-php/releases), [Ruby](https://github.com/AikidoSec/firewall-ruby/releases) and [Node](https://github.com/AikidoSec/firewall-node/releases)
* Safe Chain - [Added support for `pnpm i`](https://help.aikido.dev/code-scanning/aikido-malware-scanning)
* IDE - New releases for [VS Code](https://marketplace.visualstudio.com/items?itemName=AikidoSecurity.aikido), [JetBrains](https://plugins.jetbrains.com/plugin/24993-aikido-security/versions/stable) and [Visual Studio](https://marketplace.visualstudio.com/items?itemName=AikidoSecurity.aikido-visualstudio)
* Reports - [New insights into SLA compliance and remediation speed](https://app.aikido.dev/reports/sla/stats)
* Integrations - Added [Secureframe](https://support.secureframe.com/hc/en-us/articles/43290983349139-Aikido)
* API - [Added rate limits to limit abuse](https://apidocs.aikido.dev/reference/rate-limiting)
* API - [Added endpoint to configure header authentication for API scans](https://apidocs.aikido.dev/reference/updatedomainauthenticationheaders)
* API - [Added endpoint to upload OpenAPI / Swagger spec](https://apidocs.aikido.dev/reference/updatedomainopenapispec)


