# #39 - Aikido Attack: a new way of Pentesting, GCP Organisations, and SBOM Vex support

### Features

* [**Aikido Attack**](https://www.aikido.dev/platform/attack): Introducing Aikido’s new pentest feature, an AI-driven agent that autonomously scans your entire app, exploring endpoints, UIs, and backend flows to uncover vulnerabilities fast and deliver detailed, actionable results.
* [**GCP Organisations + Workload Identity Federation**](https://help.aikido.dev/cloud-scanning/connect-your-cloud/gcp/connect-google-cloud-organization): Connect your Google Cloud Organization once and Aikido will automatically discover all your existing and future projects, including containers in Artifact Registry.
* [**SBOM VEX**](https://help.aikido.dev/general-information/generate-sbom-based-on-open-source-packages): Added support for VEX (Vulnerability Exploitability eXchange) in the SBOM export, enabling smarter vulnerability reporting by distinguishing which findings are actually exploitable in your environment.

### **Aikido Intel - Malware & Vulnerability Database**

Our research team has discovered over [41 new vulnerabilities](https://intel.aikido.dev) in the last two weeks! Dive into the challenges of [reducing security noise and how we approach them in our latest blog post](https://www.aikido.dev/blog/autotriage-and-the-swiss-cheese-model-of-security-noise-reduction).

### Improvements

* Code Quality - [Added 3 new rules and features 10 additional rules across all plans](https://app.aikido.dev/code-quality/checks)
* Code Quality - Bitbucket support for code quality comments
* Code Quality - [Markdown language support for custom rules](https://help.aikido.dev/code-quality/add-custom-code-rules)
* Container - Added [support for OCI-compatible registries](https://help.aikido.dev/container-image-scanning/standalone-registries/generic-oci-compatible-registry)
* Clouds - [Added an additional 9 advanced rules for API Gateway and CIS v6 compliance](https://app.aikido.dev/clouds/checks?cloudCheckType=advanced)
* Zen Firewall - Agent releases for [Dotnet](https://github.com/AikidoSec/firewall-dotnet/releases), [Java](https://github.com/AikidoSec/firewall-java/releases), [Python](https://github.com/AikidoSec/firewall-python/releases), [PHP](https://github.com/AikidoSec/firewall-php/releases), [Ruby](https://github.com/AikidoSec/firewall-ruby/releases), [Golang](https://github.com/AikidoSec/firewall-go/releases) and [Node](https://github.com/AikidoSec/firewall-node/releases)
* IDE - [VSCode now supports Autofix for dependency vulnerabilities (SCA)](https://marketplace.visualstudio.com/items?itemName=AikidoSecurity.aikido)
* IDE - New releases for [VSCode](https://marketplace.visualstudio.com/items?itemName=AikidoSecurity.aikido), [JetBrains](https://plugins.jetbrains.com/plugin/24993-aikido-security/versions/stable) and [Visual Studio](https://marketplace.visualstudio.com/items?itemName=AikidoSecurity.aikido-visualstudio)
* Safe Chain - [New releases add HTTP proxy support and silent mode](https://github.com/AikidoSec/safe-chain/releases)
* API - [Endpoint to clone container](https://apidocs.aikido.dev/reference/clonecontainer)
* API - [Endpoint to add a public container image](https://apidocs.aikido.dev/reference/addpubliccontainer)
* API - [New webhook type for 'container image scanned'](https://apidocs.aikido.dev/reference/webhooks)


