Aikido Security Reviews & Product Details

It feels like having a calm, senior engineer sitting next to me during code reviews. Instead of yelling about every possible issue, Aikido focuses on the things that actually matter. The low noise is a huge deal for us, because once a tool starts crying wolf, engineers stop listening. I also really like how we can encode our own standards and domain knowledge as custom rules. Over time, it starts to feel less like a generic tool and more like something that understands how our team thinks and writes code. Review collected by and hosted on G2.com.

If I had to nitpick, the value of some advanced features like custom rules is not obvious immediately. It really shines after you have used it for a while, but the initial “aha” moment could come a bit faster. Review collected by and hosted on G2.com.

Aikido Security has been a standout platform for us thanks to its simplicity, speed, and accuracy. The onboarding experience was incredibly smooth, and the platform immediately gave us clear, actionable insights without the usual noise you get from traditional SAST tools.

Their customer support is exceptional — responsive, knowledgeable, and genuinely invested in helping us improve our security posture. The UI is clean and intuitive, making it easy for engineers and security staff to quickly identify, prioritise, and remediate issues.

What we appreciate most is that Aikido takes a modern, developer-friendly approach to security. It integrates effortlessly into our workflows and gives us confidence that our code is continuously monitored with minimal friction. Review collected by and hosted on G2.com.

There’s very little to dislike, but if anything, we’d like to see even deeper integrations with some of the other tools in our security stack as the platform continues to grow. A few advanced configuration options could also be expanded to give more flexibility for larger or more complex environments.

That said, the Aikido team iterates incredibly quickly, and any limitations we’ve come across have often already been addressed by the time we revisit them. Review collected by and hosted on G2.com.

The auto-triage and noise reduction capabilities are exceptional. The platform effectively filters false positives through reachability analysis, allowing focus on actual vulnerabilities. The unified code-to-cloud coverage (SAST, SCA, IaC, secrets, container scanning) in a single platform eliminates tool sprawl. Integration with existing workflows and quick setup are also strong points. Review collected by and hosted on G2.com.

The platform lacks comprehensive security assessment and reporting capabilities for security engineering teams. While it excels at vulnerability management for DevOps, it doesn't provide in-depth security posture assessments, risk quantification, or customizable technical reports needed for security evaluations and audit preparation. The current reporting is developer-focused rather than security-analyst-focused. Review collected by and hosted on G2.com.

The ease of setup and the overall UX have an astoundingly low barrier to entry, but as an experienced SRE/infra engineer, I can still find my way to more advanced options.

I have used many similar systems, such as Snik, Detectify, and Datadog's Cloud Security platform, with varying degrees of success, and Aikido hits a very sweet spot between low learning curve and configurability. Review collected by and hosted on G2.com.

Some options I would like to use are currently restricted by cost due to team size, but I'm otherwise happy with the pricing vs features. Review collected by and hosted on G2.com.

At HotDoc, we integrated Aikido to enhance our secure development practices, and it has quickly demonstrated its worth. The platform is very developer-friendly, offering a seamless onboarding experience, rapid scans, and results that are both clear and actionable, all without overwhelming our teams with unnecessary noise. In contrast to many traditional SAST tools, Aikido feels lightweight but remains effective, providing the right guardrails to support our developers without causing delays. It allows us to maintain security at a pace that aligns with modern software development. I strongly recommend Aikido to security teams who prioritise a secure-by-design philosophy. Review collected by and hosted on G2.com.

These aren't major drawbacks, as Aikido is a newer tool and still evolving, but there are areas where the platform is less mature. Its cloud and infrastructure security coverage is not yet as comprehensive as its application code scanning. While integrations with core platforms like Github, Slack, and Jira are strong, support for broader ecosystems is still limited - though this is expected to expand over time. Review collected by and hosted on G2.com.

First off, I rarely write reviews, but Aikido absolutely deserves praise.

This tool has been really reliable for MoveInSync's code security pipeline. It's clear that a lot of thought, effort, and love has gone into creating a product that genuinely finds reliable security findings with clear instruction on fixing the issues making shift left mindset seemless.

What I love most about Aikido is its simplicity and false positive filter capability, where you don’t have to jump through hoops of irrelevant findings.

It seamlessly integrates into our DevSecOps pipeline.

The UI is intuitive, the performance is lightning-fast, and the slack support team? Absolutely top-notch.

They’re quick to respond, actively listen to feedback, and are constantly releasing thoughtful improvements.

Having All-in-one: SAST, SCA, Secret Scanning, DAST (still in early stage), CSPM, and api asset monitoring tool in a single tool is really helpful and now I can’t imagine working without it.

This is exactly the kind of innovative tool that reminds me why I love tech in the first place.

Highly recommend. Review collected by and hosted on G2.com.

Aikido does provide a local CLI scanner, which we prefer for our DevSecOps workflow, but the experience has been awkward for branch-based development.

We have to run scans locally and manually set the branch each time. In our usage, the CLI treated each branch scan as a separate “repo,” which quickly eats into the repo quota on our plan (e.g., 200 repos), whereas the cloud-connected scanner lets us switch branches on the same repository and re-run without consuming additional repo slots .

For teams with lots of short‑lived branches, that repo-counting behavior makes the local option a little hard to adopt.

Also the PR annotations are cloud-only. Inline PR comments/checks work via the cloud-integrated service (e.g., GitHub/GitLab/Bitbucket).

Local CLI scans do not post PR annotations. Review collected by and hosted on G2.com.

We came to Aikido after a frustrating experience with another popular SAST platform. Aikido has be incredibly easy to get started with, and has quickly become an integral part of our security and compliance process. Within an hour of signing up, I was certain that this was the right platform for us. The team has been incredibly responsive to our needs, and we have yet to run into any major issues. The reports are simple and easy to understand, and we get clear and actionable insights from the scans. The workflow in Aikido is quite simple, so everyone on our team has been able to jump in with ease. I highly recommend having a look at them if you want a solid platform for managing your application security. Review collected by and hosted on G2.com.

Each issue is assigned a severity. Some issues are lacking context to justify their severity level, but even in these instances, we can easily modify the level and leave justifications where necessary for our compliance process. Review collected by and hosted on G2.com.

The combination of SAST/DAST/CSPM/SBOM/RASP (and other capabilities) is astoundingly useful. All-in-one security scanning and configuration validation may seem mythical and impossible, but it demonstrably is not. It's just that nobody was doing it well. Review collected by and hosted on G2.com.

For a young company, you can forgive the fact that there are not as many enterprise capabilities in the platform just yet, but that is definitely something they are aware of and working on as evidenced by the ability to enroll the entire AWS Organization instead of having to enroll each tenant account separately for the cloud security posture management scanning. Review collected by and hosted on G2.com.

In the 9 months we have been using Aikido, we have been very impressed with the offering. They have a significant number of tools available (SAST, SCA, attack surface scanning, etc.) and they are adding something new every month or two that makes me go "ooh, that's nice". The user interface is a bit of a learning curve, but ultimately it is servicable.

The scans themselves are fast and don't impact the performance of our systems in any noticeable way. They run automatically once a day and update the list of known issues. It doesn't do anything that any of the big competitors (Tenable, Qualys, etc.) don't, but a big difference is the pricing. It is a fraction of the price those other products ask, and the limits on the paid plans are very reasonable (we've only had to upgrade a limit once, and that costed a few euro's a month extra).

The products doesn't allow as much customizability as for instance Tenable allows, but as a tradeoff, setting up was extremely easy; configure your integrations (Gitlab, Github, AWS, etc.) with standards tokens, wait a few minutes and everything begins populating with your projects.

We've had to reach out to product support a few times, and every time they were very quick, friendly and helpful. Review collected by and hosted on G2.com.

There aren't any major issues with Aikido, but there a few things that I feel Aikido could do different, namely:

- The UI and scans themselves aren't very configurable. Don't expect a system that allows you to tweak every minor details of every minor scan

- The findings are divided into a number of categories (VMs, Code, Cloud Scanner). You cannot group items together to get one easy overview. For instance, if you want to group the code of a specific repository, the sBOM of the built code and the scan of the VM the code is running on, you can't. You have to navigate back and forth to match findings from different categories.

- The UI could use a bit of care to improve UX. For instance, we had issues where we couldn't delete an old asset that we used for testing purposes. Review collected by and hosted on G2.com.

I think it is a great tool, especially for small firms, as it combines the ability to not only perform Pentests, but also to audit open source js, and PHP dependencies of possible known security issues, and when to upgrade, as well as performing SAST scans, with suggested fixes. Many tools only do either Pentesting or perform an SAST scan, as well as an open source dependency scan Review collected by and hosted on G2.com.

My tests of the Zen Firewall were a bit buggy. It would seem that there is quite a delay in the changes made to code, and to what appeared in the Aikido interface. Review collected by and hosted on G2.com.