Add Custom SAST Rules

Use Custom SAST Rules to tailor vulnerability detection to your specific development environment.

Maarten De Schuymer avatar
Written by Maarten De Schuymer
Updated over a week ago


With these custom rules you can make Aikido scan for specific risks in your codebase, especially those risks that are particularly relevant for your environment. This way you can detect vulnerabilities that broader SAST rules might overlook.

Step-by-Step Guide

Step 1: Go to the repositories checks page.

Step 2: Click on "Create Custom Rule" in the SAST section

Step 3: Enter the following details for your rule:

  • Semgrep rule: Define the rule Aikido will search for. Tip: Use the Semgrep playground to test your rule's effectiveness before saving.

  • Title: Name your rule for easy identification.

  • TL;DR: Provide a concise description of the issue. This will show up in the sidebar.

  • How to fix it: Let your team know the best way to fix this issue.

  • Language: Specify the programming language.

  • Aikido Score: Set the priority level for issue reporting in the main Feed.

Step 4: Once you're satisfied with the rule's configuration, click "Save" to add it to your Aikido SAST checks. Your custom rule is now active and will be automatically applied in future scans.

Did this answer your question?