SAST by Aikido: supported languages and security focus

How Aikido SAST currently works

Aikido’s SAST engine is built to find and prioritize security issues in your code. Unlike traditional SAST tools like SonarQube that focus on code readability, style, and maintainability, Aikido focuses exclusively on security. No noise, just the vulnerabilities you need to fix.

The Aikido SAST engine is based on our custom risk categorisation model. Some examples of this categorisation:

  • Aikido removes findings that are not related to security (e.g. opinionated code styling rules).

  • Findings that reside in repositories that a user has categorized as sensitive get upgraded.

  • Findings inside files that are not intended for production (e.g. unit tests or functions that aren't used in production) might get downgraded.

Our SAST engine also leverages some of the best open-source engines out there, which we have significantly customized and fine-tuned over the years to give you sharper, more relevant results.

To view the individual rules that are active per language, check out our SAST Checks or Infrastructure as Code checks.

Language support

Aikido is not sensitive to the versions of languages. By default, we support all versions.
Aikido supports tracking tainted user input from top-level controllers to other files where dangerous functions are used for a growing set of languages.

| Language | Base engine | Taint analysis |
| --- | --- | --- |
| JavaScript | Aikido Engine + Opengrep | Across multiple files |
| TypeScript | Aikido Engine + Opengrep | Across multiple files |
| PHP | Aikido Engine + Opengrep | Across multiple files |
| .NET/C# | Aikido Engine + Opengrep | Across multiple files |
| Java | Aikido Engine + Opengrep | Across multiple files |
| Scala | Aikido Engine + Opengrep | Within files |
| C/C++ | Aikido Engine + Opengrep | Within files |
| Swift | Aikido Engine + Opengrep | Within files |
| Android | Aikido Engine + Opengrep | Within files |
| Kotlin | Aikido Engine + Opengrep | Within files |
| Dart | Aikido Engine + Opengrep | Within files |
| Go | Aikido Engine + Opengrep | Within files |
| Ruby | Aikido Engine + Opengrep | Within files |
| Python | Aikido Engine + Opengrep | Within files |
| Elixir | Aikido Engine + Opengrep | Within files |
| Rust | Aikido Engine + Opengrep | Within files |
| Infrastructure-as-code files (Terraform, CloudFormation, Docker, ...) | Checkov | Not applicable |
| Exposed secret discovery in all files inside of Git history | Aikido Base Engine with Liveness Checks + Gitleaks | Not applicable |
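
To illustrate the difference between "Within files" and "Across multiple files" in the taint analysis column, the following added example (a simplified model, not Aikido's engine and not part of the original page) represents a two-file program as data and follows user input to dangerous calls in both modes. The file names, function names and statement format are assumptions made for the illustration.

```javascript
// Constructed mini-program: two "files", modelled as data. All names are hypothetical.
const program = {
  "controllers/user.js": {
    getUser: { params: ["req"], body: [
      { op: "source", to: "id" },                       // id = req.query.id
      { op: "call", fn: "findUser", args: ["id"] },     // defined in db/users.js
    ] },
    pingHost: { params: ["req"], body: [
      { op: "source", to: "host" },                     // host = req.query.host
      { op: "assign", to: "cmd", from: ["host"] },      // cmd = "ping " + host
      { op: "sink", name: "child_process.exec", arg: "cmd" },
    ] },
  },
  "db/users.js": {
    findUser: { params: ["userId"], body: [
      { op: "assign", to: "sql", from: ["userId"] },    // sql = "SELECT ..." + userId
      { op: "sink", name: "db.query", arg: "sql" },
    ] },
  },
};

// Follow taint from each entry point; crossFile=false drops taint at file boundaries.
function analyze(prog, entries, crossFile) {
  const index = {}; // function name -> { file, params, body }
  for (const [file, fns] of Object.entries(prog))
    for (const [name, fn] of Object.entries(fns)) index[name] = { file, ...fn };
  const findings = [];
  const walk = (name, taintedParams, path) => {
    const fn = index[name], here = [...path, name];
    const tainted = new Set(taintedParams);
    for (const st of fn.body) {
      if (st.op === "source") tainted.add(st.to);
      if (st.op === "assign" && st.from.some((v) => tainted.has(v))) tainted.add(st.to);
      if (st.op === "sink" && tainted.has(st.arg))
        findings.push({ sink: st.name, file: fn.file, path: here });
      if (st.op !== "call") continue;
      const callee = index[st.fn];
      if (!callee || here.includes(st.fn)) continue;       // unknown or recursive call
      if (callee.file !== fn.file && !crossFile) continue; // within-file mode stops here
      const passed = callee.params.filter((_, i) => tainted.has(st.args[i]));
      walk(st.fn, passed, here);
    }
  };
  entries.forEach((e) => walk(e, [], []));
  return findings;
}

const entries = ["getUser", "pingHost"];
console.log("within files:", analyze(program, entries, false).map((f) => f.sink));
console.log("across files:", analyze(program, entries, true).map((f) => f.sink));
```

In the within-file mode only the flow that starts and ends in `controllers/user.js` is reported; the query built in `db/users.js` is reached only when calls are followed across the file boundary.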