Aikido Security

In some cases Aikido will show less vulnerabilities than other tools. This can have multiple explanations:

The vulnerability could be auto-ignored by the Aikido rule engine. Aikido tries to avoid false postivies. In this case you will find the vulnerability under the 'Ignored' section on the left. You'll also find an explanation of why Aikido thinks this vulnerability does not impact you.

The vulnerability could be marked as a developer-only dependency. By default, Aikido will not report vulnerabilities for dependencies that are only installed on the developer machine. The assumption here is that they will not ship to production and won't impact the security of your live product. Examples of such dependencies are:

- devDependencies in npm's package.json
- dependencies marked with scope=test in Java's pom.xml

- The vulnerability could be auto-ignored by the Aikido rule engine. Aikido tries to avoid false postivies. In this case you will find the vulnerability under the 'Ignored' section on the left. You'll also find an explanation of why Aikido thinks this vulnerability does not impact you.
- The vulnerability could be marked as a developer-only dependency. By default, Aikido will not report vulnerabilities for dependencies that are only installed on the developer machine. The assumption here is that they will not ship to production and won't impact the security of your live product. Examples of such dependencies are:
  - devDependencies in npm's package.json
  - dependencies marked with scope=test in Java's pom.xml

Why does Aikido not find a specific vulnerability or CVE inside a dependency?

Security Overview

Trust Center

Careers

Terms of Use

Privacy Policy

Cookie Policy

Integrations

Login

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you