Aikido requests read-only access to your GitHub organization to analyze your repositories. We use the new GitHub App system, so we don't have to store any tokens in our database at all. After analysis, your code is always wiped from the system.
1. Logging in using GitHub
To get started, navigate to https://app.aikido.dev/ and log in with GitHub. This will look like the screenshot below. Here, Aikido only requests access to your identity on GitHub and the associated email address.
2. Authorizing access to an organization
On the next screen, you can choose to connect a real organization or a sample workspace. If you choose a real organization you will be redirected back to GitHub. Once there, pick the organization you would like to authorize. You can optionally grant access to 1 or 2 repositories instead of all repositories as seen below:
3. Checking results
After granting access and validating the repositories you want to scan, Aikido will automatically start scanning. After about 1 minute, you should see the first results come in!