How to improve risk scoring for your repositories

Aikido allows you to add contextual information to each of your repositories. This information helps Aikido uncover more security risks and score the issues it finds. For example, adding a domain name lets Aikido scan for issues such as SSL misconfiguration, cookie misconfiguration and XSS. Adding information about the data sensitivity of each repository helps prioritize the right security issues: an issue found in a repository that handles personal information is scored higher than one found in a repository that never touches any sensitive data.

To get started:

1. Log into your Aikido account and navigate to 'Repositories':

2. Select any repository, and navigate to 'Configure' on top:

2b. Alternatively, stay on the repositories overview, click the overflow menu at the far right of the row, and select 'Configure':

3. Here you will be able to configure the following settings:

  • Connection to the internet: For each repository, you can specify whether the service/repository is connected to the internet via HTTP(S). There are three options:

    • Yes: Select this option if the repository is accessible over the internet using HTTP(S).

    • No: Choose this option if the repository is not connected to the internet.

    • Unknown: If you're unsure about the repository's internet connection status, select this option.

  • Specify the Domain (if applicable): If the repository is connected to the internet, you can provide the domain of the service (e.g., https://example.com). This activates Aikido's dynamic surface monitoring (DAST), which is powered by OWASP ZAP.

  • Setting Sensitivity Levels

    • Choose Sensitivity Level: Aikido allows you to define the sensitivity level of the data managed by each service/repository. This helps tailor the scanning process to the importance of the data. Sensitivity levels range from "Not Sensitive at All" to "Extremely Sensitive."

    • For each repository, choose the sensitivity level that best represents the data it manages. Consider the nature of the data, its confidentiality, and potential impact if compromised.

    • Updating the sensitivity level changes how Aikido scores the issues found in that repository.
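
To make the effect of these settings concrete, here is an added Python sketch of context-aware scoring. It is an illustration written for this page, not Aikido's own algorithm: the weights, repository names and findings are constructed. A context-free severity is scaled by the repository's sensitivity level, raised when internet exposure is confirmed, and web-surface findings are dropped for repositories with no HTTP(S) surface.

```python
from dataclasses import dataclass

# Weights are constructed for this illustration; they are not Aikido's real scoring factors.
SENSITIVITY_WEIGHT = {  # keys mirror the "Not Sensitive at All" .. "Extremely Sensitive" range
    "not_sensitive": 0.6, "low": 0.8, "medium": 1.0, "high": 1.15, "extremely_sensitive": 1.3,
}
# Finding classes that only apply when the service is reachable over HTTP(S).
EXPOSURE_DEPENDENT = {"xss", "ssl", "cookie_misconfiguration"}


@dataclass(frozen=True)
class Repo:
    name: str
    internet: str      # "yes", "no" or "unknown", as offered in the Configure screen
    sensitivity: str   # a key of SENSITIVITY_WEIGHT
    domain: str = ""   # only meaningful when internet == "yes"


@dataclass(frozen=True)
class Issue:
    repo: Repo
    kind: str
    base_severity: float  # context-free severity, e.g. a CVSS base score


def contextual_score(issue: Issue) -> float:
    """Weight a context-free severity by the repository's sensitivity and exposure."""
    repo = issue.repo
    if issue.kind in EXPOSURE_DEPENDENT and repo.internet == "no":
        return 0.0  # no HTTP(S) surface, so a web-surface finding cannot apply
    score = issue.base_severity * SENSITIVITY_WEIGHT[repo.sensitivity]
    if repo.internet == "yes":
        score *= 1.1  # confirmed reachability raises every finding; "unknown" stays unchanged
    return round(score, 1)


def prioritize(issues):
    """Order findings across repositories, highest contextual score first."""
    return sorted(issues, key=contextual_score, reverse=True)


# Constructed sample: one exposed repo handling personal data, one internal build repo.
BILLING = Repo("billing-api", "yes", "extremely_sensitive", "https://billing.example.com")
BUILD_TOOLS = Repo("build-tools", "no", "not_sensitive")
SAMPLE_ISSUES = [
    Issue(BILLING, "xss", 6.1),
    Issue(BUILD_TOOLS, "xss", 6.1),
    Issue(BILLING, "dependency_vuln", 5.3),
    Issue(BUILD_TOOLS, "dependency_vuln", 5.3),
]

if __name__ == "__main__":
    for issue in prioritize(SAMPLE_ISSUES):
        print(f"{contextual_score(issue):4.1f}  {issue.repo.name:12} {issue.kind}")
```

The same XSS finding lands at the top of the list for the exposed, highly sensitive repository and is dropped entirely for the internal one, which is the effect the settings above are meant to produce.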

If you encounter any issues during the setup process or have further questions, please don't hesitate to reach out to our dedicated support team (help@aikido.dev) or through the chat button at the bottom right inside the product. We're here to assist you every step of the way.