Kiro IDE

Aikido automatically scans your projects for hardcoded secrets (API keys, tokens), insecure code patterns (SQL injections, path traversal, ..), and outdated or vulnerable dependencies so you can catch issues early and keep your codebase safe.

With Aikido Expansion Packs, you can enable additional tools like MCP to integrate Aikido security knowledge directly into AI agents and AI powered developer workflows, alongside other optional checks.

Scans run automatically whenever you open a file or save changes, making it easy to catch issues early in development.

When security issues are found, they're highlighted directly in your code and listed in the Problems panel. Hover over any highlight to see detailed security context about the issue.

Installation and Authentication

Open Extensions and Install "Aikido Security"

Alternatively use these links to go to the Marketplaces

VS Code
Windsurf / Cursor / Kiro / Google Antigravity

Authenticate with Aikido

Open the Aikido plugin by clicking on the sidebar icon and click on "Connect to Aikido" to authenticate with Aikido platform.

Alternatively you can open up the Command Palette and run Aikido: Log In

If the automated authentication does not work you can manually create a personal access within Aikido by going to the Integrations page and following the instructions.

Try out our examples

Below you can find an example index.js file that can be used to verify if the extension is working correctly, it should detect one SAST issue (SQL injection) and one exposed secret (SQL Server connection string).

const app = {}

app.get("/user", (req, res) => {
    const connStr = "Server=tcp:myserver.database.windows.net,1433;Initial Catalog=mydb;Persist Security Info=False;User ID=myuser;Password=$uperSecret123!@#";
    const username = req.query.username
    const unsafeQuery = `SELECT * FROM users WHERE username = '${username}'`
    sql.connect(connStr).query(unsafeQuery, (err, result) => {
        res.status(200).send(result)
    })
})

Turn on Additional Security Tooling

Extend Aikido in your IDE with Expansion Packs like MCP for AI agents, pre-commit hooks, and Safe Chain. For more details, see the documentation below.

Aikido Expansion Packs

What to explore next

Now that the plugin is installed, you can dive into the features that help you spot security issues while you work:

Real-Time Code Scanning in IDE Open-Source Dependency Scanning (SCA) in IDE Full Workspace Scan in IDE Aikido AI in IDE

Troubleshooting

VS Code - Extension Keeps Disconnecting

Last updated 5 days ago

Was this helpful?

hashtagInstallation and Authentication

hashtagOpen Extensions and Install "Aikido Security"

hashtagAuthenticate with Aikido

hashtagTry out our examples

hashtagTurn on Additional Security Tooling

hashtagWhat to explore next

hashtagTroubleshooting