Enable inline commenting in your SCM for CI Checks

Aikido supports inline comments for Secrets, SAST & IaC issues directly in your SCM software (like GitHub). This feature allows developers to receive security feedback on specific lines of code, helping them resolve issues faster. Configuration is available per repository, so teams can enable it only where needed.

This feature is currently available for GitHub, GitLab Cloud/Server, Bitbucket and Azure DevOps.

Prerequisites

  • Make sure to have your CI Checks enabled (via the Aikido Dashboard)

  • You are an admin within Aikido

Enabling Inline Commenting

Step 1: Go to the CI checks page via Integrations > CI > Your SCM

Step 2: Select the repos for which you want to enable the functionality and click Configure scans

Step 3: Enable the toggle for inline commenting. Make sure at least the SAST or Secrets scan is enabled.

Step 4: When a new SAST, IaC or secret issue is introduced (based on the scan failure severity), a new comment will be added in your SCM.