Aikido
⌘Ctrlk
Changelog NotificationsAPIAikido login
  • Docs
  • Changelog
AI Assistant
Good night

I'm here to help you with the docs.

⌘Ctrli
AI Based on your context
Aikido
  • Aikido Docs Overview
    • Setting Up Your Account
    • User Management
    • Manage Teams & Applications
    • Manage Findings
    • Task Management Tools
    • Chat & Alerts
    • Reachability Analysis
    • How Aikido Uses AI
    • AGI Readiness
    • CVE Exploitability Analysis
    • Secrets AutoTriage Denoising
    • Ask Aikido: Contextual AI Chat
    • Securing AI-Generated Code
    • Secrets Pre-Commit Hook
    • IDE Plugins
    • AI Coding Assistants (MCP)
    • AutoFix Overview
    • Different AutoFix Types
    • Automation & Merging
    • Setting up AutoFix
    • Connect Private Packages
    • FAQ
    • Code Scanning Overview
    • Connect Your Source Code
    • Local Code Scanning
    • Scanning Best Practices
      • Access Control Checks
      • Custom Rules Overview
      • Custom Code Context for SAST Rules
      • Add Custom SAST & IaC Rules
      • External Vulnerability Databases Used in Our SCA Engine
      • Custom CVE Vulnerabilities
      • Support for Dependency Scanning by Language (SCA)
      • C/C++ Lockfile-Less Scanning
      • Java/Scala/Kotlin Projects Using Gradle: Security Scanning Best Practices
      • Python Projects: Security Scanning Best Practices
      • NET Projects: Security Scanning Best Practices
      • Scala: Dependency Management and Scanning for build.sbt
      • Vulnerability Scanning on Private Packages - Maven
      • Scanning Dev Dependencies for CVEs
      • Malware Detection in Open-Source Dependencies and Containers
      • Live Secret Detection
      • Configure scanning with .aikido files
      • Ignoring Secrets via Code Comments
      • Dependency Scanning for Bazel
      • Multi-File / Cross-File Vulnerability Tracing
      • Denoise via SAST AutoTriage
      • Denoise via Secret Keyword Filter
      • SAST/IaC: Supported Languages and Security Focus
    • Repository Configurations
    • Safe Chain: Prevent Malware Installs
    • Pentest Overview
    • Prepare a Pentest
    • Configure a Pentest
    • Coverage and Findings
    • Continuous Pentesting
    • Integrate your Lovable Apps
    • Integrate your Supabase Projects
    • Code Audit Overview
    • Create a Code Audit
    • Track Progress and Findings
    • What Code Audit Finds
    • Cloud Scanning Overview
    • Connect Your Cloud
    • Cloud Search: Search Asset Inventory
    • Custom CSPM Rules
    • Kubernetes Cluster Scanning
    • Container Image Scanning Overview
    • Cloud Provider Registries
    • Standalone Registries
    • Local Image Scanning
    • Configuration
    • Aikido Images
    • Container Reachability Analysis
    • VM Scanning Overview
    • AWS Virtual Machine Scanning
    • Azure Virtual Machine Scanning
    • Google Cloud Virtual Machine Scanning
    • Local VM Scanning
    • Miscellaneous
    • DAST Overview
    • Front-End Scanning
    • Attack Surface Monitoring
    • API Scanning
    • Using 2FA in Front-End and API Scans
    • IP Addresses for Domain Scanning
    • PR Gating Overview
    • GitHub PR Gating
    • Azure DevOps PR Gating
    • GitLab MR Gating
    • Bitbucket PR Gating
    • CLI for PR & Release Gating
    • Code Quality Overview
    • Code Quality Repository Scans
    • Code Quality in PRs
    • Add Custom Code Rules
    • Add Extra Code Context
    • Getting Started with Zen Firewall
    • How Does Zen Work?
    • Installing Zen Firewall
    • Zen Features
    • Use-Cases
    • Miscellaneous Zen
    • What is Device Protection
    • Deploying Device Protection
    • Using Device Protection
    • Miscellaneous Device Protection
    • Compliance Integrations Overview
    • Reports
    • Licenses and SBOM
    • Aikido Webhooks
    • Forge Integration: Troubleshooting
    • Registry Proxy
    • Overview
    • Migrating from SonarQube to Aikido
    • Fix Dependency Issues with AutoTriage and AutoFix
    • Linear and Slack
    • Jira Cloud and Slack
    • Additional Cloud Providers
    • Wallet & Credits
    • Security Acronyms
    • Setting Up Aikido Changelog Notifications in Slack & Teams
    • Using Bitbucket Projects as Workspaces
    • Using Azure Devops Projects as Workspaces
    • Aikido Broker for Internal Applications
    • Domain verification
    • IP Allowlisting for Your Git Provider
For the complete documentation index, see llms.txt. This page is also available as Markdown.
  1. Docs
  2. Code Scanning

Scanning Best Practices

Access Control ChecksCustom Rules OverviewCustom Code Context for SAST RulesAdd Custom SAST & IaC RulesExternal Vulnerability Databases Used in Our SCA EngineCustom CVE VulnerabilitiesSupport for Dependency Scanning by Language (SCA)C/C++ Lockfile-Less ScanningJava/Scala/Kotlin Projects Using Gradle: Security Scanning Best PracticesPython Projects: Security Scanning Best PracticesNET Projects: Security Scanning Best PracticesScala: Dependency Management and Scanning for build.sbtVulnerability Scanning on Private Packages - MavenScanning Dev Dependencies for CVEsMalware Detection in Open-Source Dependencies and ContainersLive Secret DetectionConfigure scanning with .aikido filesIgnoring Secrets via Code CommentsDependency Scanning for BazelMulti-File / Cross-File Vulnerability TracingDenoise via SAST AutoTriageDenoise via Secret Keyword FilterSAST/IaC: Supported Languages and Security Focus

Last updated 1 year ago

Was this helpful?

x-twitteryoutubelinkedin

Was this helpful?