SAST by Aikido: supported languages and security focus
How Aikido SAST currently works

Aikido runs a SAST engine based on best-in-class open-source scanners. The goal of this module is to find security issues in your code, which puts Aikido in a separate category from other SAST engines. For example, SonarQube is also a SAST engine, but one focused on readability, code style, and maintainability. Aikido will only give you security-related findings.

On top of the findings from the open-source engines, Aikido runs its own risk categorization engine. Aikido removes findings that are not related to security (e.g. opinionated code styling rules). Findings in repositories that a user has categorized as sensitive are upgraded. Findings in files that are not intended for production (e.g. unit tests) may be downgraded, and so on.
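As an added illustration of the categorization step described above (example code written for this page, not Aikido's engine), the script below re-ranks a constructed list of findings in the shape of Semgrep's JSON output: it drops non-security rules, upgrades findings in a sensitive repository, and downgrades findings in test paths. The severity scale, the test-path pattern and the rule ids are assumptions made for the example.

```python
"""Toy re-ranking of SAST findings: filter by category, then adjust severity by context.

Input mimics the shape of Semgrep's JSON output (results[].check_id, .path,
.extra.severity, .extra.metadata.category). The sample at the bottom is constructed.
"""
import re

# Ordered severity scale used for up-/downgrading (assumption for this example).
SEVERITIES = ["INFO", "WARNING", "ERROR", "CRITICAL"]

# Paths that are usually not shipped to production (assumption for this example).
NON_PRODUCTION_PATH = re.compile(
    r"(^|/)(tests?|spec|__tests__|fixtures)/|_test\.go$|\.test\.[jt]s$"
)


def shift(severity: str, steps: int) -> str:
    """Move a severity up (+) or down (-) the scale without falling off either end."""
    idx = SEVERITIES.index(severity) + steps
    return SEVERITIES[max(0, min(idx, len(SEVERITIES) - 1))]


def categorize(results: list, sensitive_repo: bool) -> list:
    """Drop non-security findings, then adjust severity for repo and file context."""
    kept = []
    for r in results:
        meta = r.get("extra", {}).get("metadata", {})
        if meta.get("category") != "security":
            continue  # e.g. opinionated style rules are not security findings
        severity = r["extra"]["severity"]
        if sensitive_repo:
            severity = shift(severity, +1)  # sensitive repository: upgrade
        if NON_PRODUCTION_PATH.search(r["path"]):
            severity = shift(severity, -1)  # test/fixture code: downgrade
        kept.append({"check_id": r["check_id"], "path": r["path"], "severity": severity})
    return kept


# Constructed sample in Semgrep's result shape; rule ids are placeholders, not real rules.
SAMPLE_RESULTS = [
    {"check_id": "example.security.shell-injection", "path": "app/run.py",
     "extra": {"severity": "WARNING", "metadata": {"category": "security"}}},
    {"check_id": "example.security.shell-injection", "path": "tests/test_run.py",
     "extra": {"severity": "WARNING", "metadata": {"category": "security"}}},
    {"check_id": "example.best-practice.unnecessary-pass", "path": "app/run.py",
     "extra": {"severity": "INFO", "metadata": {"category": "best-practice"}}},
]

if __name__ == "__main__":
    for finding in categorize(SAMPLE_RESULTS, sensitive_repo=True):
        print(finding)
```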

To view all individual rules that are active per language, check out our SAST Checks or our Infrastructure as Code checks.

Language support

Base engine per supported language:

- Semgrep with custom rules
- Semgrep with custom rules
- Semgrep with custom rules
- Semgrep with custom rules
- Semgrep with custom rules
- Semgrep with custom rules
- Semgrep with custom rules
- Semgrep with custom rules
- Gosec + Semgrep with custom rules
- Infrastructure-as-code files (Terraform, CloudFormation, Docker, ...)
- Exposed secret discovery in all files inside of Git history


Future roadmap

Aikido is extending support to more languages and frameworks using both open-source engines and proprietary engines. On top of this, Aikido is reinventing SAST for security by investing in engines that are capable of multi-file analysis. Almost all current engines are only capable of single-file analysis, which leaves them blind to many risks and produces many false positives.

