#39 - Aikido Attack: a new way of Pentesting, GCP Organisations, and SBOM Vex support

Features

• Aikido Attack: Introducing Aikido’s new pentest feature, an AI-driven agent that autonomously scans your entire app, exploring endpoints, UIs, and backend flows to uncover vulnerabilities fast and deliver detailed, actionable results.

• GCP Organisations + Workload Identity Federation: Connect your Google Cloud Organization once and Aikido will automatically discover all your existing and future projects, including containers in Artifact Registry.

• SBOM VEX: Added support for VEX (Vulnerability Exploitability eXchange) in the SBOM export, enabling smarter vulnerability reporting by distinguishing which findings are actually exploitable in your environment.

Aikido Intel - Malware & Vulnerability Database

Our research team has discovered over #41 new vulnerabilities over the last two weeks! Dive into the challenges of reducing security noise and how we approach them in our latest blog post.

Improvements

• Code Quality - Added 3 new rules and features 10 additional rules across all plans

• Code Quality - Bitbucket support for code quality comments

• Code Quality - Markdown language support for custom rules

• Container: Added support for OCI-compatible registries

• Clouds - Added an additional 9 advanced rules for API Gateway and CIS v6 compliance

• Zen Firewall - Agent releases for Dotnet, Java, Python, PHP, Ruby, Golang and Node

• IDE - VSCode now supports Autofix for depedency vulnerabilities (SCA)

• IDE - New releases for VSCode, Jetbrains and Visual Studio

• Safe Chain - New releases add HTTP proxy support and silent mode

• API - Endpoint to clone container

• API - Endpoint to add a public container image

• API - New webhook type for 'container image scanned'