Zum Inhalt

Aikido Sicherheit Cheat Blatt

generieren

Überblick

Aikido Security bietet eine End-to-End-Code-to-Cloud-Sicherheitsplattform für kontinuierliche VAPT (Vulnerability Assessment und Penetration Testing) und eine nahtlose Integration in Entwickler-Workflows. Es kombiniert statische Analyse, dynamische Tests, Abhängigkeits-Scannen und Cloud-Sicherheitsüberwachung in einer einheitlichen Plattform, die für moderne DevSecOps-Praktiken optimiert ist.

ZEIT Note: Kommerzielle Plattform mit freiem Tier für kleine Teams. Unternehmen Preise für größere Unternehmen verfügbar.

Erste Schritte

Account Setup und Onboarding

```bash

Initial setup process:

1. Sign up at aikido.dev

2. Verify email and complete profile

3. Create organization workspace

4. Install Aikido CLI tool

5. Connect first repository

6. Configure initial security policies

CLI installation

npm install -g @aikidosec/cli

or

curl -sSL https://get.aikido.dev | sh

Verify installation

aikido --version aikido auth login ```_

Workspace Konfiguration

```bash

Initialize Aikido in project

aikido init

Configure project settings

aikido config set project-name "my-application" aikido config set environment "production" aikido config set scan-schedule "daily"

Set up authentication

aikido auth configure --token YOUR_API_TOKEN aikido auth verify

Check workspace status

aikido status aikido info ```_

Code Sicherheitsanalyse

Static Application Security Testing (SAST)

```bash

Run comprehensive code analysis

aikido scan code --path ./src --language javascript aikido scan code --path ./src --language python --deep-analysis aikido scan code --path ./src --language java --include-tests

Language-specific scanning

aikido scan javascript --path ./src --frameworks react,express aikido scan python --path ./src --frameworks django,flask aikido scan java --path ./src --frameworks spring,struts aikido scan csharp --path ./src --frameworks dotnet,mvc aikido scan php --path ./src --frameworks laravel,symfony

Custom rule configuration

aikido scan code --rules-file custom-rules.yaml aikido scan code --exclude-rules "low-severity" aikido scan code --include-rules "owasp-top10" ```_

Code Qualität und Sicherheitsregeln

```yaml

aikido-rules.yaml

rules: security: sql_injection: enabled: true severity: high patterns: - "SELECT.FROM.*WHERE.=.*\\(" - "INSERT.*INTO.*VALUES.*\\\)"

xss_vulnerabilities:
  enabled: true
  severity: high
  patterns:
    - "innerHTML.*=.*user"
    - "document.write.*user"

hardcoded_secrets:
  enabled: true
  severity: critical
  patterns:
    - "password\\s*=\\s*['\"][^'\"]{8,}['\"]"
    - "api[_-]?key\\s*=\\s*['\"][^'\"]{16,}['\"]"

quality: code_complexity: enabled: true max_cyclomatic_complexity: 10 max_function_length: 50

maintainability:
  enabled: true
  max_file_length: 500
  require_documentation: true

exclusions: paths: - "node_modules/" - "vendor/" - ".test.js" - ".spec.py"

rules: - "test-specific-rule" - "legacy-code-exception" ```_

Abhängigkeit und Supply Chain Sicherheit

```bash

Scan dependencies for vulnerabilities

aikido scan dependencies --package-file package.json aikido scan dependencies --package-file requirements.txt aikido scan dependencies --package-file pom.xml aikido scan dependencies --package-file composer.json

Advanced dependency analysis

aikido scan dependencies --include-dev-dependencies aikido scan dependencies --check-licenses aikido scan dependencies --supply-chain-analysis aikido scan dependencies --malware-detection

Dependency update recommendations

aikido dependencies update-check aikido dependencies security-advisories aikido dependencies license-compliance aikido dependencies outdated-packages

Generate dependency reports

aikido dependencies report --format json aikido dependencies report --format csv aikido dependencies report --format sbom # Software Bill of Materials ```_

Dynamic Application Security Testing (DAST)

Web Application Scanning

```bash

Configure web application target

aikido target add web --url https://app.example.com aikido target add web --url https://api.example.com --type api aikido target add web --url https://staging.example.com --environment staging

Authentication setup for DAST

aikido auth web configure --url https://app.example.com \ --login-url /login \ --username testuser \ --password testpass \ --success-indicator "Dashboard"

OAuth/OIDC authentication

aikido auth web configure --url https://app.example.com \ --auth-type oauth2 \ --client-id YOUR_CLIENT_ID \ --client-secret YOUR_CLIENT_SECRET \ --scope "read write"

API key authentication

aikido auth api configure --url https://api.example.com \ --auth-type api-key \ --header "X-API-Key" \ --value YOUR_API_KEY ```_

Umfassende DAST Scanning

```bash

Quick security scan

aikido scan web --url https://app.example.com --quick aikido scan web --url https://app.example.com --owasp-top10

Full comprehensive scan

aikido scan web --url https://app.example.com --comprehensive aikido scan web --url https://app.example.com --deep-crawl aikido scan web --url https://app.example.com --business-logic

API-specific scanning

aikido scan api --url https://api.example.com --openapi-spec api-spec.yaml aikido scan api --url https://api.example.com --graphql aikido scan api --url https://api.example.com --rest-endpoints

Custom scan configuration

aikido scan web --url https://app.example.com \ --max-depth 5 \ --max-pages 1000 \ --exclude-paths "/admin/,/internal/" \ --include-forms \ --test-file-uploads ```_

Fortgeschritten Eigenschaften

```bash

Single Page Application (SPA) scanning

aikido scan spa --url https://app.example.com \ --framework react \ --wait-for-js \ --capture-screenshots

Mobile application scanning

aikido scan mobile --app-file app.apk --platform android aikido scan mobile --app-file app.ipa --platform ios aikido scan mobile --url https://m.example.com --mobile-web

Authenticated scanning with session management

aikido scan web --url https://app.example.com \ --maintain-session \ --session-timeout 30m \ --re-authenticate-on-failure

Performance-aware scanning

aikido scan web --url https://app.example.com \ --rate-limit 10 \ --concurrent-requests 5 \ --respect-robots-txt \ --polite-mode ```_

Überwachung der Cloud-Sicherheit

Multi-Cloud Infrastruktur Scanning

```bash

AWS cloud security assessment

aikido cloud connect aws --access-key YOUR_ACCESS_KEY \ --secret-key YOUR_SECRET_KEY \ --region us-east-1

aikido cloud scan aws --account-id 123456789012 \ --services ec2,s3,rds,iam,vpc \ --compliance-frameworks cis,nist

Azure cloud security assessment

aikido cloud connect azure --subscription-id YOUR_SUBSCRIPTION_ID \ --client-id YOUR_CLIENT_ID \ --client-secret YOUR_CLIENT_SECRET \ --tenant-id YOUR_TENANT_ID

aikido cloud scan azure --subscription YOUR_SUBSCRIPTION_ID \ --services vm,storage,sql,keyvault,network \ --compliance-frameworks cis,iso27001

Google Cloud Platform assessment

aikido cloud connect gcp --project-id YOUR_PROJECT_ID \ --service-account-key service-account.json

aikido cloud scan gcp --project-id YOUR_PROJECT_ID \ --services compute,storage,sql,iam,network \ --compliance-frameworks cis,nist ```_

Container und Kubernetes Sicherheit

```bash

Container image scanning

aikido scan container --image nginx:latest aikido scan container --image myapp:v1.0 --dockerfile Dockerfile aikido scan container --image-tar myapp.tar

Kubernetes cluster security assessment

aikido scan k8s --kubeconfig ~/.kube/config aikido scan k8s --namespace production --all-workloads aikido scan k8s --cluster-name prod-cluster --compliance cis-k8s

Docker Compose security analysis

aikido scan compose --file docker-compose.yml aikido scan compose --file docker-compose.prod.yml --environment production

Container registry scanning

aikido scan registry --url registry.example.com \ --username registry_user \ --password registry_pass \ --scan-all-tags ```_

Infrastruktur als Code (IaC) Sicherheit

```bash

Terraform security scanning

aikido scan terraform --path ./terraform aikido scan terraform --file main.tf --plan terraform.plan aikido scan terraform --state terraform.tfstate

CloudFormation template scanning

aikido scan cloudformation --template template.yaml aikido scan cloudformation --stack-name my-stack --region us-east-1

Ansible playbook security analysis

aikido scan ansible --playbook site.yml aikido scan ansible --inventory inventory.ini --check-vault

Helm chart security scanning

aikido scan helm --chart ./mychart aikido scan helm --chart-name nginx --repo stable ```_

CI/CD Integration und Automatisierung

Integration von Pipeline

```yaml

GitHub Actions integration

name: Aikido Security Scan on: push: branches: [main, develop] pull_request: branches: [main]

jobs: security-scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3

- name: Setup Aikido CLI
  run: |
    npm install -g @aikidosec/cli
    aikido auth configure --token ${{ secrets.AIKIDO_TOKEN }}

- name: Code Security Scan
  run: |
    aikido scan code --path ./src --format json > code-results.json
    aikido scan dependencies --package-file package.json --format json > deps-results.json

- name: Infrastructure Scan
  run: |
    aikido scan terraform --path ./infrastructure --format json > iac-results.json

- name: Upload Results
  uses: actions/upload-artifact@v3
  with:
    name: security-scan-results
    path: |
      code-results.json
      deps-results.json
      iac-results.json

- name: Quality Gate
  run: |
    aikido quality-gate --threshold critical:0,high:5,medium:20

```_

Jenkins Pipeline Integration

```groovy // Jenkinsfile pipeline { agent any

environment {
    AIKIDO_TOKEN = credentials('aikido-api-token')
}

stages {
    stage('Checkout') {
        steps {
            checkout scm
        }
    }

    stage('Security Scan') {
        parallel {
            stage('Code Analysis') {
                steps {
                    sh '''
                        aikido scan code --path ./src --format json > code-scan.json
                        aikido scan dependencies --package-file package.json --format json > deps-scan.json
                    '''
                }
            }

            stage('Infrastructure Scan') {
                steps {
                    sh '''
                        aikido scan terraform --path ./terraform --format json > iac-scan.json
                        aikido scan docker --dockerfile Dockerfile --format json > container-scan.json
                    '''
                }
            }
        }
    }

    stage('Security Gate') {
        steps {
            script {
                def scanResults = sh(
                    script: 'aikido quality-gate --threshold critical:0,high:3 --format json',
                    returnStdout: true
                ).trim()

                def results = readJSON text: scanResults

                if (results.gate_status == 'failed') {
                    error("Security quality gate failed: ${results.violations} violations found")
                }
            }
        }
    }

    stage('Deploy') {
        when {
            branch 'main'
        }
        steps {
            echo 'Deploying application...'
            // Deployment steps here
        }
    }
}

post {
    always {
        archiveArtifacts artifacts: '*-scan.json', fingerprint: true

        publishHTML([
            allowMissing: false,
            alwaysLinkToLastBuild: true,
            keepAll: true,
            reportDir: '.',
            reportFiles: 'security-report.html',
            reportName: 'Aikido Security Report'
        ])
    }
}

} ```_

GitLab CI Integration

```yaml

.gitlab-ci.yml

stages: - security-scan - quality-gate - deploy

variables: AIKIDO_TOKEN: $AIKIDO_API_TOKEN

security-scan: stage: security-scan image: node:18 before_script: - npm install -g @aikidosec/cli - aikido auth configure --token $AIKIDO_TOKEN script: - aikido scan code --path ./src --format json > code-scan.json - aikido scan dependencies --package-file package.json --format json > deps-scan.json - aikido scan terraform --path ./infrastructure --format json > iac-scan.json artifacts: reports: security: - code-scan.json - deps-scan.json - iac-scan.json expire_in: 1 week

quality-gate: stage: quality-gate image: node:18 dependencies: - security-scan before_script: - npm install -g @aikidosec/cli - aikido auth configure --token $AIKIDO_TOKEN script: - aikido quality-gate --threshold critical:0,high:5,medium:20 allow_failure: false

deploy: stage: deploy script: - echo "Deploying application..." only: - main dependencies: - quality-gate ```_

Kontinuierliche Überwachung und Alarmierung

Echtzeit-Sicherheitsüberwachung

```bash

Enable continuous monitoring

aikido monitor enable --targets all aikido monitor enable --target web:https://app.example.com aikido monitor enable --target api:https://api.example.com

Configure monitoring schedules

aikido monitor schedule --target web:https://app.example.com \ --frequency daily \ --time "02:00" \ --timezone "UTC"

aikido monitor schedule --target api:https://api.example.com \ --frequency hourly \ --business-hours-only

Real-time vulnerability monitoring

aikido monitor vulnerabilities --real-time aikido monitor dependencies --auto-update-check aikido monitor cloud --compliance-drift-detection ```_

Alert Konfiguration und Management

```bash

Configure alert channels

aikido alerts add slack --webhook-url https://hooks.slack.com/services/... aikido alerts add email --recipients security@example.com,dev@example.com aikido alerts add webhook --url https://api.example.com/security/alerts aikido alerts add pagerduty --integration-key YOUR_INTEGRATION_KEY

Alert severity and conditions

aikido alerts configure --severity critical --immediate aikido alerts configure --severity high --within 1h aikido alerts configure --severity medium --daily-digest aikido alerts configure --severity low --weekly-summary

Custom alert rules

aikido alerts rule create --name "Critical API Vulnerabilities" \ --condition "severity=critical AND target_type=api" \ --action "slack,email,pagerduty"

aikido alerts rule create --name "New Dependency Vulnerabilities" \ --condition "type=dependency AND age<24h" \ --action "slack,email"

Alert suppression and management

aikido alerts suppress --vulnerability-id CVE-2023-1234 --duration 7d aikido alerts acknowledge --alert-id 12345 --assignee john.doe aikido alerts escalate --alert-id 12345 --to security-team ```_

Compliance und Governance

```bash

Compliance framework configuration

aikido compliance enable --framework owasp-top10 aikido compliance enable --framework pci-dss aikido compliance enable --framework iso27001 aikido compliance enable --framework nist-csf aikido compliance enable --framework sox

Policy enforcement

aikido policy create --name "Critical Vulnerability SLA" \ --rule "critical_vulnerabilities.remediation_time <= 24h"

aikido policy create --name "Dependency Update Policy" \ --rule "high_risk_dependencies.age <= 7d"

aikido policy create --name "Code Quality Gate" \ --rule "code_coverage >= 80% AND security_issues.critical == 0"

Governance reporting

aikido governance report --framework pci-dss --period quarterly aikido governance report --framework iso27001 --period annual aikido governance dashboard --compliance-overview ```_

API und Automatisierung

REST API Verwendung

```bash

Authentication

export AIKIDO_API_TOKEN="your_api_token_here"

Get organization information

curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \ https://api.aikido.dev/v1/organizations

List all projects

curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \ https://api.aikido.dev/v1/projects

Get vulnerability summary

curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \ https://api.aikido.dev/v1/vulnerabilities/summary

Start a new scan

curl -X POST \ -H "Authorization: Bearer $AIKIDO_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{"target": "https://app.example.com", "scan_type": "comprehensive"}' \ https://api.aikido.dev/v1/scans

Get scan results

curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \ https://api.aikido.dev/v1/scans/12345/results ```_

Python SDK Verwendung

```python

Install Aikido Python SDK

pip install aikido-security

from aikido import AikidoClient import json

Initialize client

client = AikidoClient(api_token="your_api_token_here")

Get organization info

org_info = client.organizations.get_current() print(f"Organization: {org_info['name']}")

List projects

projects = client.projects.list() for project in projects: print(f"Project: {project['name']} - {project['status']}")

Start a code scan

scan_config = { "project_id": "project-123", "scan_type": "code", "path": "./src", "language": "javascript" }

scan = client.scans.create(scan_config) print(f"Scan started: {scan['id']}")

Wait for scan completion

scan_result = client.scans.wait_for_completion(scan['id'], timeout=1800)

Get vulnerabilities

vulnerabilities = client.vulnerabilities.list( project_id="project-123", severity=["critical", "high"] )

print(f"Found {len(vulnerabilities)} high/critical vulnerabilities:") for vuln in vulnerabilities: print(f"- {vuln['title']} ({vuln['severity']})")

Generate report

report = client.reports.generate( project_id="project-123", format="pdf", include_remediation=True )

with open("security_report.pdf", "wb") as f: f.write(report)

Manage alerts

alerts = client.alerts.list(status="open") for alert in alerts: if alert['severity'] == 'critical': # Acknowledge critical alerts client.alerts.acknowledge(alert['id'], assignee="security-team")

    # Send to incident management
    incident_data = {
        "title": f"Critical Security Alert: {alert['title']}",
        "description": alert['description'],
        "severity": "high",
        "source": "aikido-security"
    }
    # Integration with incident management system
    # incident_system.create_incident(incident_data)

```_

Webhook Integration

```python

Webhook handler example (Flask)

from flask import Flask, request, jsonify import hmac import hashlib import json

app = Flask(name)

WEBHOOK_SECRET = "your_webhook_secret"

def verify_signature(payload, signature): """Verify webhook signature""" expected_signature = hmac.new( WEBHOOK_SECRET.encode(), payload, hashlib.sha256 ).hexdigest()

return hmac.compare_digest(f"sha256={expected_signature}", signature)

@app.route('/aikido-webhook', methods=['POST']) def handle_aikido_webhook(): # Verify signature signature = request.headers.get('X-Aikido-Signature') if not verify_signature(request.data, signature): return jsonify({"error": "Invalid signature"}), 401

# Parse webhook data
data = request.json
event_type = data.get('event_type')

if event_type == 'vulnerability_found':
    handle_vulnerability_found(data)
elif event_type == 'scan_completed':
    handle_scan_completed(data)
elif event_type == 'compliance_violation':
    handle_compliance_violation(data)

return jsonify({"status": "processed"}), 200

def handle_vulnerability_found(data): """Handle new vulnerability discovery""" vulnerability = data['vulnerability']

if vulnerability['severity'] == 'critical':
    # Send immediate alert
    send_critical_alert(vulnerability)

    # Create incident ticket
    create_incident_ticket(vulnerability)

    # Notify security team
    notify_security_team(vulnerability)

def handle_scan_completed(data): """Handle scan completion""" scan = data['scan']

# Update dashboard
update_security_dashboard(scan)

# Generate report if needed
if scan['vulnerabilities']['critical'] > 0:
    generate_executive_report(scan)

def handle_compliance_violation(data): """Handle compliance violations""" violation = data['violation']

# Log compliance event
log_compliance_event(violation)

# Notify compliance team
notify_compliance_team(violation)

# Update compliance dashboard
update_compliance_status(violation)

if name == 'main': app.run(host='0.0.0.0', port=5000) ```_

Erweiterte Funktionen und Anpassung

Kundenspezifische Sicherheitsregeln und Richtlinien

```yaml

custom-security-rules.yaml

rules: custom_sql_injection: name: "Advanced SQL Injection Detection" description: "Detect complex SQL injection patterns" severity: high category: injection patterns: | | | | - regex: "(?i)(union | select | insert | update | delete | drop | create | alter).['\"].['\"]" | | | | - regex: "(?i)\b(or|and)\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+['\"]?" languages: [javascript, python, php, java, csharp]

api_security_headers: name: "Missing API Security Headers" description: "Check for required security headers in API responses" severity: medium category: configuration checks: - header: "X-Content-Type-Options" required: true value: "nosniff" - header: "X-Frame-Options" required: true values: ["DENY", "SAMEORIGIN"] - header: "Content-Security-Policy" required: true pattern: ".default-src."

sensitive_data_exposure: name: "Sensitive Data in Logs" description: "Detect potential sensitive data in log statements" severity: high category: data_exposure patterns: - regex: "(?i)log.*password" - regex: "(?i)log.*credit.?card" - regex: "(?i)log.*ssn|social.?security" - regex: "(?i)console\.log.*token" exclude_patterns: - "password_hash" - "password_length"

policies: zero_critical_policy: name: "Zero Critical Vulnerabilities" description: "Block deployment if critical vulnerabilities found" conditions: - "vulnerabilities.critical == 0" action: "block_deployment"

dependency_freshness: name: "Dependency Freshness Policy" description: "Ensure dependencies are not too old" conditions: - "dependencies.high_risk.age <= 30d" - "dependencies.outdated.count <= 10" action: "warn"

code_coverage_gate: name: "Code Coverage Quality Gate" description: "Maintain minimum code coverage" conditions: - "code_coverage.line >= 80" - "code_coverage.branch >= 70" action: "warn" ```_

Kundenspezifische Integrationen und Erweiterungen

```python

custom_aikido_integration.py

import requests import json from typing import Dict, List, Optional

class AikidoCustomIntegration: def init(self, api_token: str, base_url: str = "https://api.aikido.dev/v1"): self.api_token = api_token self.base_url = base_url self.headers = { "Authorization": f"Bearer {api_token}", "Content-Type": "application/json" }

def create_custom_scan_profile(self, profile_data: Dict) -> Dict:
    """Create a custom scan profile"""
    response = requests.post(
        f"{self.base_url}/scan-profiles",
        headers=self.headers,
        json=profile_data
    )
    return response.json()

def bulk_vulnerability_update(self, updates: List[Dict]) -> Dict:
    """Bulk update vulnerability status"""
    response = requests.patch(
        f"{self.base_url}/vulnerabilities/bulk",
        headers=self.headers,
        json={"updates": updates}
    )
    return response.json()

def generate_custom_report(self, report_config: Dict) -> bytes:
    """Generate custom security report"""
    response = requests.post(
        f"{self.base_url}/reports/custom",
        headers=self.headers,
        json=report_config
    )
    return response.content

def sync_with_jira(self, project_id: str, jira_config: Dict) -> Dict:
    """Synchronize vulnerabilities with Jira"""
    vulnerabilities = self.get_vulnerabilities(project_id, severity=["high", "critical"])

    jira_tickets = []
    for vuln in vulnerabilities:
        if not vuln.get('jira_ticket_id'):
            ticket = self.create_jira_ticket(vuln, jira_config)
            jira_tickets.append(ticket)

            # Update vulnerability with Jira ticket ID
            self.update_vulnerability(vuln['id'], {'jira_ticket_id': ticket['id']})

    return {"created_tickets": len(jira_tickets), "tickets": jira_tickets}

def compliance_dashboard_data(self, frameworks: List[str]) -> Dict:
    """Get compliance dashboard data for multiple frameworks"""
    compliance_data = {}

    for framework in frameworks:
        response = requests.get(
            f"{self.base_url}/compliance/{framework}/status",
            headers=self.headers
        )
        compliance_data[framework] = response.json()

    return compliance_data

def automated_remediation_suggestions(self, vulnerability_id: str) -> Dict:
    """Get AI-powered remediation suggestions"""
    response = requests.get(
        f"{self.base_url}/vulnerabilities/{vulnerability_id}/remediation",
        headers=self.headers,
        params={"include_ai_suggestions": True}
    )
    return response.json()

Usage example

integration = AikidoCustomIntegration("your_api_token")

Create custom scan profile for microservices

microservice_profile = { "name": "Microservice Security Profile", "description": "Optimized for containerized microservices", "rules": { "container_security": True, "api_security": True, "service_mesh_security": True, "secrets_management": True }, "scan_intensity": "high", "compliance_frameworks": ["owasp-top10", "nist-csf"] }

profile = integration.create_custom_scan_profile(microservice_profile) print(f"Created scan profile: {profile['id']}")

Bulk update vulnerability status

vulnerability_updates = [ {"id": "vuln-123", "status": "resolved", "resolution": "patched"}, {"id": "vuln-456", "status": "accepted_risk", "justification": "Legacy system"}, {"id": "vuln-789", "status": "false_positive", "reason": "Test environment only"} ]

update_result = integration.bulk_vulnerability_update(vulnerability_updates) print(f"Updated {update_result['updated_count']} vulnerabilities") ```_

Fehlerbehebung und Best Practices

Gemeinsame Themen und Lösungen

```bash

Authentication and connectivity issues

aikido auth verify aikido auth refresh-token aikido config check-connectivity

Scan performance optimization

aikido config set scan-timeout 3600 aikido config set max-concurrent-scans 3 aikido config set rate-limit-delay 1000

False positive management

aikido vulnerabilities mark-false-positive --id vuln-123 --reason "test-data" aikido vulnerabilities whitelist --pattern "test/*" --reason "test-files" aikido rules disable --rule-id custom-rule-456 --temporary

Memory and resource optimization

aikido config set memory-limit 4GB aikido config set temp-directory /tmp/aikido aikido cache clear --all ```_

Leistungsoptimierung

```bash

Optimize scan performance

aikido scan code --path ./src --parallel-workers 4 aikido scan code --path ./src --incremental --baseline main aikido scan code --path ./src --exclude-patterns ".min.js,.test.*"

Dependency scan optimization

aikido scan dependencies --cache-results --cache-duration 24h aikido scan dependencies --exclude-dev-dependencies aikido scan dependencies --fast-mode

Cloud scan optimization

aikido cloud scan aws --regions us-east-1,us-west-2 --services-filter critical aikido cloud scan azure --resource-groups production --parallel-regions aikido cloud scan gcp --projects production-* --skip-inactive-resources ```_

Sicherheit Best Practices

```bash

Secure API token management

aikido auth rotate-token --schedule monthly aikido auth list-tokens --show-last-used aikido auth revoke-token --token-id old-token-123

Audit and compliance

aikido audit enable --log-all-actions aikido audit export --format json --period last-30-days aikido compliance validate --framework pci-dss --auto-remediate

Data protection and privacy

aikido config set data-retention 90d aikido config set anonymize-sensitive-data true aikido config set encrypt-at-rest true ```_

Überwachung und Wartung

```bash

System health monitoring

aikido system health-check aikido system performance-metrics aikido system resource-usage

Regular maintenance tasks

aikido maintenance cleanup-old-scans --older-than 90d aikido maintenance optimize-database aikido maintenance update-vulnerability-database

Backup and disaster recovery

aikido backup create --include-config --include-scan-history aikido backup restore --backup-id backup-456 --verify-integrity aikido backup schedule --frequency weekly --retention 12w ```_

Ressourcen

Dokumentation und Lernen

Gemeinschaft und Unterstützung

  • [Aikido Security Community](LINK_12__
  • [GitHub Repository](LINK_12_
  • [Support Portal](LINK_12_
  • [Status Page](LINK_12__

Schulung und Zertifizierung

  • [Aikido Security Academy](LINK_12_
  • [DevSecOps Certification](LINK_12__
  • [Webinar Series](LINK_12__
  • [Security Blog](LINK_12__