#36 - Supply chain protection, Enterprise Code Quality, and Stronger secrets detection

Features

• Prevent malware with Aikido Safe Chain: Protect yourself from JavaScript supply chain disasters with Aikido’s package manager protection. Block malware before they reach your machine, powered by Aikido Intel threat feed.

• Code Quality for Cobol, Visual Basic, ABAP and Pascal: Aikido now flags COBOL paragraphs that sprawl without structure, ABAP custom code that bypasses naming standards, deeply nested Pascal logic and other common code quality mistakes. Helping you reduce long-term maintenance and security risks.

• Secrets Detection Upgrade: Aikido’s secret scanning is now far more accurate, with fewer false positives and fewer false negatives. Check out our blog post for a deep dive into how our detection works.

Aikido Intel - Malware & Vulnerability Database

Our research team has discovered over #48 new vulnerabilities over the last two weeks! This was a busy month for npm attacks. Aikido Intel discovered the chalk/debug attack (the largest in history), the Shai-Hulud attack (breakdown here), and the S2ngularity NX campaign from the same threat actor.

Improvements

• Cloud - Added Azure GovCloud support

• Domains & API’s - Exclude and add additional subdomains from Attack Surface scanning

• Domains & API’s - It’s now possible to review leaked passwords

• Zen Firewall - Agent releases for Dotnet, Java, Python, PHP, Ruby and Node

• Safe Chain - Added support for pnpm i

• IDE - New releases for VSCode, Jetbrains and Visual Studio

• Reports - New insights into SLA compliance and remediation speed

• Integrations - Added Secureframe

• API - Added rate limits to limit abuse

• API - Added endpoint to configure header authentication for API scans

• API - Added endpoint to upload OpenAPI / Swagger spec