SAST by Aikido: supported languages and security focus

How Aikido SAST currently works

Aikido’s SAST engine is built to find and prioritize security issues in your code. Unlike traditional SAST tools like SonarQube that focus on code readability, style, and maintainability, Aikido focuses exclusively on security. No noise, just the vulnerabilities you need to fix.

Aikido SAST engine is based on our custom risk categorisation model. Some of these categorisation: -

• Aikido removes findings that are not related to security (eg opinionated code styling rules).

• Findings that reside in repositories that a user categorized as sensitive will get upgraded.

• Findings inside of files that are not intended for production (eg unit tests or functions that aren't used in production) might get downgraded and so on.

Our SAST engine also leverage some of the best open-source engines out there, which we have significantly customized and fine-tuned to provide you sharper, relevant results over the years.

To view all individual rules that are active per language, check out our SAST Checks or Infrastructure as Code checks to view the rules per language.

Language support

Aikido is not sensitive to the versions of languages. By default, we support all versions.
Aikido supports tracking tainted user input from top-level controllers to other files where dangerous functions are used for a growing set of languages.