Malware Scanning with Safe Chain in CI/CD environments

Aikido Safe Chain helps you catch malicious files and dependencies before they make it into your codebase.

This page explains how to integrate malware scanning into your CI/CD pipeline. For desktop or server environments follow the instructions on the Aikido Safe Chain page.

Why use malware scanning in CI/CD?

Running scans directly in your pipeline ensures:

Fast feedback – malicious code is flagged before merging or deploying.
Shift-left security – issues are caught early, reducing remediation costs.
Consistent checks – every commit or build is scanned automatically.

Manual set-up

Add Safe Chain to your CI/CD environment set-up

npm install -g @aikidosec/safe-chain

Replace package manager commands with Safe-Chain

Replace any usage of npm with aikido-npm

For example aikido-npm install

Replace any usage of npx with aikido-npx

For example aikido-npx install

Replace any usage of yarn with aikido-yarn

For example aikido-yarn install

Replace any usage of pnpm with aikido-pnpm

For example aikido-pnpm install

Replace any usage of pnpx with aikido-pnpx

For example aikido-pnpx install

Last updated 4 hours ago

Was this helpful?