Hoja de seguridad de Aikido
"Clase de la hoja" id="copy-btn" class="copy-btn" onclick="copyAllCommands()" Copiar todos los comandos id="pdf-btn" class="pdf-btn" onclick="generatePDF()" Generar PDF seleccionado/button ■/div titulada
Sinopsis
Aikido Security proporciona una plataforma de seguridad de código a cierre de extremo diseñado para el VAPT continuo (Evaluación de vulnerabilidad y pruebas de penetración) y una integración perfecta en los flujos de trabajo de desarrolladores. Combina análisis estáticos, pruebas dinámicas, análisis de dependencia y monitoreo de seguridad en la nube en una plataforma unificada optimizada para prácticas modernas de DevSecOps.
NOVEDAD Nota: Plataforma comercial con nivel gratuito para pequeños equipos. Precios de las empresas disponibles para organizaciones más grandes.
Comienzo
Configuración de la cuenta y embarque
# Initial setup process:
# 1. Sign up at aikido.dev
# 2. Verify email and complete profile
# 3. Create organization workspace
# 4. Install Aikido CLI tool
# 5. Connect first repository
# 6. Configure initial security policies
# CLI installation
npm install -g @aikidosec/cli
# or
curl -sSL https://get.aikido.dev | sh
# Verify installation
aikido --version
aikido auth login
Configuración del espacio de trabajo
# Initialize Aikido in project
aikido init
# Configure project settings
aikido config set project-name "my-application"
aikido config set environment "production"
aikido config set scan-schedule "daily"
# Set up authentication
aikido auth configure --token YOUR_API_TOKEN
aikido auth verify
# Check workspace status
aikido status
aikido info
Code Security Analysis
Pruebas de seguridad de aplicaciones estaticas (SAST)
# Run comprehensive code analysis
aikido scan code --path ./src --language javascript
aikido scan code --path ./src --language python --deep-analysis
aikido scan code --path ./src --language java --include-tests
# Language-specific scanning
aikido scan javascript --path ./src --frameworks react,express
aikido scan python --path ./src --frameworks django,flask
aikido scan java --path ./src --frameworks spring,struts
aikido scan csharp --path ./src --frameworks dotnet,mvc
aikido scan php --path ./src --frameworks laravel,symfony
# Custom rule configuration
aikido scan code --rules-file custom-rules.yaml
aikido scan code --exclude-rules "low-severity"
aikido scan code --include-rules "owasp-top10"
Código de Calidad y Normas de Seguridad
# aikido-rules.yaml
rules:
security:
sql_injection:
enabled: true
severity: high
patterns:
- "SELECT.*FROM.*WHERE.*=.*\\$"
- "INSERT.*INTO.*VALUES.*\\$"
xss_vulnerabilities:
enabled: true
severity: high
patterns:
- "innerHTML.*=.*user"
- "document.write.*user"
hardcoded_secrets:
enabled: true
severity: critical
patterns:
- "password\\s*=\\s*['\"][^'\"]{8,}['\"]"
- "api[_-]?key\\s*=\\s*['\"][^'\"]{16,}['\"]"
quality:
code_complexity:
enabled: true
max_cyclomatic_complexity: 10
max_function_length: 50
maintainability:
enabled: true
max_file_length: 500
require_documentation: true
exclusions:
paths:
- "node_modules/"
- "vendor/"
- "*.test.js"
- "*.spec.py"
rules:
- "test-specific-rule"
- "legacy-code-exception"
Seguridad de la dependencia y la cadena de suministro
# Scan dependencies for vulnerabilities
aikido scan dependencies --package-file package.json
aikido scan dependencies --package-file requirements.txt
aikido scan dependencies --package-file pom.xml
aikido scan dependencies --package-file composer.json
# Advanced dependency analysis
aikido scan dependencies --include-dev-dependencies
aikido scan dependencies --check-licenses
aikido scan dependencies --supply-chain-analysis
aikido scan dependencies --malware-detection
# Dependency update recommendations
aikido dependencies update-check
aikido dependencies security-advisories
aikido dependencies license-compliance
aikido dependencies outdated-packages
# Generate dependency reports
aikido dependencies report --format json
aikido dependencies report --format csv
aikido dependencies report --format sbom # Software Bill of Materials
Pruebas de seguridad de aplicaciones dinámicas (DAST)
Web Application Scanning
# Configure web application target
aikido target add web --url https://app.example.com
aikido target add web --url https://api.example.com --type api
aikido target add web --url https://staging.example.com --environment staging
# Authentication setup for DAST
aikido auth web configure --url https://app.example.com \
--login-url /login \
--username testuser \
--password testpass \
--success-indicator "Dashboard"
# OAuth/OIDC authentication
aikido auth web configure --url https://app.example.com \
--auth-type oauth2 \
--client-id YOUR_CLIENT_ID \
--client-secret YOUR_CLIENT_SECRET \
--scope "read write"
# API key authentication
aikido auth api configure --url https://api.example.com \
--auth-type api-key \
--header "X-API-Key" \
--value YOUR_API_KEY
DAST Scanning
# Quick security scan
aikido scan web --url https://app.example.com --quick
aikido scan web --url https://app.example.com --owasp-top10
# Full comprehensive scan
aikido scan web --url https://app.example.com --comprehensive
aikido scan web --url https://app.example.com --deep-crawl
aikido scan web --url https://app.example.com --business-logic
# API-specific scanning
aikido scan api --url https://api.example.com --openapi-spec api-spec.yaml
aikido scan api --url https://api.example.com --graphql
aikido scan api --url https://api.example.com --rest-endpoints
# Custom scan configuration
aikido scan web --url https://app.example.com \
--max-depth 5 \
--max-pages 1000 \
--exclude-paths "/admin/*,/internal/*" \
--include-forms \
--test-file-uploads
Advanced DAST Características
# Single Page Application (SPA) scanning
aikido scan spa --url https://app.example.com \
--framework react \
--wait-for-js \
--capture-screenshots
# Mobile application scanning
aikido scan mobile --app-file app.apk --platform android
aikido scan mobile --app-file app.ipa --platform ios
aikido scan mobile --url https://m.example.com --mobile-web
# Authenticated scanning with session management
aikido scan web --url https://app.example.com \
--maintain-session \
--session-timeout 30m \
--re-authenticate-on-failure
# Performance-aware scanning
aikido scan web --url https://app.example.com \
--rate-limit 10 \
--concurrent-requests 5 \
--respect-robots-txt \
--polite-mode
Vigilancia de la seguridad en la nube
Multi-Cloud Infrastructure Scanning
# AWS cloud security assessment
aikido cloud connect aws --access-key YOUR_ACCESS_KEY \
--secret-key YOUR_SECRET_KEY \
--region us-east-1
aikido cloud scan aws --account-id 123456789012 \
--services ec2,s3,rds,iam,vpc \
--compliance-frameworks cis,nist
# Azure cloud security assessment
aikido cloud connect azure --subscription-id YOUR_SUBSCRIPTION_ID \
--client-id YOUR_CLIENT_ID \
--client-secret YOUR_CLIENT_SECRET \
--tenant-id YOUR_TENANT_ID
aikido cloud scan azure --subscription YOUR_SUBSCRIPTION_ID \
--services vm,storage,sql,keyvault,network \
--compliance-frameworks cis,iso27001
# Google Cloud Platform assessment
aikido cloud connect gcp --project-id YOUR_PROJECT_ID \
--service-account-key service-account.json
aikido cloud scan gcp --project-id YOUR_PROJECT_ID \
--services compute,storage,sql,iam,network \
--compliance-frameworks cis,nist
Container and Kubernetes Security
# Container image scanning
aikido scan container --image nginx:latest
aikido scan container --image myapp:v1.0 --dockerfile Dockerfile
aikido scan container --image-tar myapp.tar
# Kubernetes cluster security assessment
aikido scan k8s --kubeconfig ~/.kube/config
aikido scan k8s --namespace production --all-workloads
aikido scan k8s --cluster-name prod-cluster --compliance cis-k8s
# Docker Compose security analysis
aikido scan compose --file docker-compose.yml
aikido scan compose --file docker-compose.prod.yml --environment production
# Container registry scanning
aikido scan registry --url registry.example.com \
--username registry_user \
--password registry_pass \
--scan-all-tags
Infraestructura como Código (IaC) Seguridad
# Terraform security scanning
aikido scan terraform --path ./terraform
aikido scan terraform --file main.tf --plan terraform.plan
aikido scan terraform --state terraform.tfstate
# CloudFormation template scanning
aikido scan cloudformation --template template.yaml
aikido scan cloudformation --stack-name my-stack --region us-east-1
# Ansible playbook security analysis
aikido scan ansible --playbook site.yml
aikido scan ansible --inventory inventory.ini --check-vault
# Helm chart security scanning
aikido scan helm --chart ./mychart
aikido scan helm --chart-name nginx --repo stable
CI/CD Integración y Automatización
Pipeline Integration
# GitHub Actions integration
name: Aikido Security Scan
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Aikido CLI
run: |
npm install -g @aikidosec/cli
aikido auth configure --token ${{ secrets.AIKIDO_TOKEN }}
- name: Code Security Scan
run: |
aikido scan code --path ./src --format json > code-results.json
aikido scan dependencies --package-file package.json --format json > deps-results.json
- name: Infrastructure Scan
run: |
aikido scan terraform --path ./infrastructure --format json > iac-results.json
- name: Upload Results
uses: actions/upload-artifact@v3
with:
name: security-scan-results
path: |
code-results.json
deps-results.json
iac-results.json
- name: Quality Gate
run: |
aikido quality-gate --threshold critical:0,high:5,medium:20
Jenkins Pipeline Integration
// Jenkinsfile
pipeline {
agent any
environment {
AIKIDO_TOKEN = credentials('aikido-api-token')
}
stages {
stage('Checkout') {
steps {
checkout scm
}
}
stage('Security Scan') {
parallel {
stage('Code Analysis') {
steps {
sh '''
aikido scan code --path ./src --format json > code-scan.json
aikido scan dependencies --package-file package.json --format json > deps-scan.json
'''
}
}
stage('Infrastructure Scan') {
steps {
sh '''
aikido scan terraform --path ./terraform --format json > iac-scan.json
aikido scan docker --dockerfile Dockerfile --format json > container-scan.json
'''
}
}
}
}
stage('Security Gate') {
steps {
script {
def scanResults = sh(
script: 'aikido quality-gate --threshold critical:0,high:3 --format json',
returnStdout: true
).trim()
def results = readJSON text: scanResults
if (results.gate_status == 'failed') {
error("Security quality gate failed: ${results.violations} violations found")
}
}
}
}
stage('Deploy') {
when {
branch 'main'
}
steps {
echo 'Deploying application...'
// Deployment steps here
}
}
}
post {
always {
archiveArtifacts artifacts: '*-scan.json', fingerprint: true
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: '.',
reportFiles: 'security-report.html',
reportName: 'Aikido Security Report'
])
}
}
}
GitLab CI Integration
# .gitlab-ci.yml
stages:
- security-scan
- quality-gate
- deploy
variables:
AIKIDO_TOKEN: $AIKIDO_API_TOKEN
security-scan:
stage: security-scan
image: node:18
before_script:
- npm install -g @aikidosec/cli
- aikido auth configure --token $AIKIDO_TOKEN
script:
- aikido scan code --path ./src --format json > code-scan.json
- aikido scan dependencies --package-file package.json --format json > deps-scan.json
- aikido scan terraform --path ./infrastructure --format json > iac-scan.json
artifacts:
reports:
security:
- code-scan.json
- deps-scan.json
- iac-scan.json
expire_in: 1 week
quality-gate:
stage: quality-gate
image: node:18
dependencies:
- security-scan
before_script:
- npm install -g @aikidosec/cli
- aikido auth configure --token $AIKIDO_TOKEN
script:
- aikido quality-gate --threshold critical:0,high:5,medium:20
allow_failure: false
deploy:
stage: deploy
script:
- echo "Deploying application..."
only:
- main
dependencies:
- quality-gate
Vigilancia y alerta continua
Vigilancia de la seguridad en tiempo real
# Enable continuous monitoring
aikido monitor enable --targets all
aikido monitor enable --target web:https://app.example.com
aikido monitor enable --target api:https://api.example.com
# Configure monitoring schedules
aikido monitor schedule --target web:https://app.example.com \
--frequency daily \
--time "02:00" \
--timezone "UTC"
aikido monitor schedule --target api:https://api.example.com \
--frequency hourly \
--business-hours-only
# Real-time vulnerability monitoring
aikido monitor vulnerabilities --real-time
aikido monitor dependencies --auto-update-check
aikido monitor cloud --compliance-drift-detection
Configuración y gestión de alerta
# Configure alert channels
aikido alerts add slack --webhook-url https://hooks.slack.com/services/...
aikido alerts add email --recipients security@example.com,dev@example.com
aikido alerts add webhook --url https://api.example.com/security/alerts
aikido alerts add pagerduty --integration-key YOUR_INTEGRATION_KEY
# Alert severity and conditions
aikido alerts configure --severity critical --immediate
aikido alerts configure --severity high --within 1h
aikido alerts configure --severity medium --daily-digest
aikido alerts configure --severity low --weekly-summary
# Custom alert rules
aikido alerts rule create --name "Critical API Vulnerabilities" \
--condition "severity=critical AND target_type=api" \
--action "slack,email,pagerduty"
aikido alerts rule create --name "New Dependency Vulnerabilities" \
--condition "type=dependency AND age<24h" \
--action "slack,email"
# Alert suppression and management
aikido alerts suppress --vulnerability-id CVE-2023-1234 --duration 7d
aikido alerts acknowledge --alert-id 12345 --assignee john.doe
aikido alerts escalate --alert-id 12345 --to security-team
Cumplimiento y gobernanza
# Compliance framework configuration
aikido compliance enable --framework owasp-top10
aikido compliance enable --framework pci-dss
aikido compliance enable --framework iso27001
aikido compliance enable --framework nist-csf
aikido compliance enable --framework sox
# Policy enforcement
aikido policy create --name "Critical Vulnerability SLA" \
--rule "critical_vulnerabilities.remediation_time <= 24h"
aikido policy create --name "Dependency Update Policy" \
--rule "high_risk_dependencies.age <= 7d"
aikido policy create --name "Code Quality Gate" \
--rule "code_coverage >= 80% AND security_issues.critical == 0"
# Governance reporting
aikido governance report --framework pci-dss --period quarterly
aikido governance report --framework iso27001 --period annual
aikido governance dashboard --compliance-overview
API y automatización
REST API Usage
# Authentication
export AIKIDO_API_TOKEN="your_api_token_here"
# Get organization information
curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \
https://api.aikido.dev/v1/organizations
# List all projects
curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \
https://api.aikido.dev/v1/projects
# Get vulnerability summary
curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \
https://api.aikido.dev/v1/vulnerabilities/summary
# Start a new scan
curl -X POST \
-H "Authorization: Bearer $AIKIDO_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{"target": "https://app.example.com", "scan_type": "comprehensive"}' \
https://api.aikido.dev/v1/scans
# Get scan results
curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \
https://api.aikido.dev/v1/scans/12345/results
Python SDK Usage
# Install Aikido Python SDK
# pip install aikido-security
from aikido import AikidoClient
import json
# Initialize client
client = AikidoClient(api_token="your_api_token_here")
# Get organization info
org_info = client.organizations.get_current()
print(f"Organization: {org_info['name']}")
# List projects
projects = client.projects.list()
for project in projects:
print(f"Project: {project['name']} - {project['status']}")
# Start a code scan
scan_config = {
"project_id": "project-123",
"scan_type": "code",
"path": "./src",
"language": "javascript"
}
scan = client.scans.create(scan_config)
print(f"Scan started: {scan['id']}")
# Wait for scan completion
scan_result = client.scans.wait_for_completion(scan['id'], timeout=1800)
# Get vulnerabilities
vulnerabilities = client.vulnerabilities.list(
project_id="project-123",
severity=["critical", "high"]
)
print(f"Found {len(vulnerabilities)} high/critical vulnerabilities:")
for vuln in vulnerabilities:
print(f"- {vuln['title']} ({vuln['severity']})")
# Generate report
report = client.reports.generate(
project_id="project-123",
format="pdf",
include_remediation=True
)
with open("security_report.pdf", "wb") as f:
f.write(report)
# Manage alerts
alerts = client.alerts.list(status="open")
for alert in alerts:
if alert['severity'] == 'critical':
# Acknowledge critical alerts
client.alerts.acknowledge(alert['id'], assignee="security-team")
# Send to incident management
incident_data = {
"title": f"Critical Security Alert: {alert['title']}",
"description": alert['description'],
"severity": "high",
"source": "aikido-security"
}
# Integration with incident management system
# incident_system.create_incident(incident_data)
Integración Webhook
# Webhook handler example (Flask)
from flask import Flask, request, jsonify
import hmac
import hashlib
import json
app = Flask(__name__)
WEBHOOK_SECRET = "your_webhook_secret"
def verify_signature(payload, signature):
"""Verify webhook signature"""
expected_signature = hmac.new(
WEBHOOK_SECRET.encode(),
payload,
hashlib.sha256
).hexdigest()
return hmac.compare_digest(f"sha256={expected_signature}", signature)
@app.route('/aikido-webhook', methods=['POST'])
def handle_aikido_webhook():
# Verify signature
signature = request.headers.get('X-Aikido-Signature')
if not verify_signature(request.data, signature):
return jsonify({"error": "Invalid signature"}), 401
# Parse webhook data
data = request.json
event_type = data.get('event_type')
if event_type == 'vulnerability_found':
handle_vulnerability_found(data)
elif event_type == 'scan_completed':
handle_scan_completed(data)
elif event_type == 'compliance_violation':
handle_compliance_violation(data)
return jsonify({"status": "processed"}), 200
def handle_vulnerability_found(data):
"""Handle new vulnerability discovery"""
vulnerability = data['vulnerability']
if vulnerability['severity'] == 'critical':
# Send immediate alert
send_critical_alert(vulnerability)
# Create incident ticket
create_incident_ticket(vulnerability)
# Notify security team
notify_security_team(vulnerability)
def handle_scan_completed(data):
"""Handle scan completion"""
scan = data['scan']
# Update dashboard
update_security_dashboard(scan)
# Generate report if needed
if scan['vulnerabilities']['critical'] > 0:
generate_executive_report(scan)
def handle_compliance_violation(data):
"""Handle compliance violations"""
violation = data['violation']
# Log compliance event
log_compliance_event(violation)
# Notify compliance team
notify_compliance_team(violation)
# Update compliance dashboard
update_compliance_status(violation)
if __name__ == '__main__':
app.run(host='0.0.0.0', port=5000)
Características avanzadas y personalización
Normas y políticas de seguridad personalizadas
# custom-security-rules.yaml
rules:
custom_sql_injection:
name: "Advanced SQL Injection Detection"
description: "Detect complex SQL injection patterns"
severity: high
category: injection
patterns:
| - regex: "(?i)(union | select | insert | update | delete | drop | create | alter).*['\"].*['\"]" |
- regex: "(?i)\\b(or|and)\\s+['\"]?\\d+['\"]?\\s*=\\s*['\"]?\\d+['\"]?"
languages: [javascript, python, php, java, csharp]
api_security_headers:
name: "Missing API Security Headers"
description: "Check for required security headers in API responses"
severity: medium
category: configuration
checks:
- header: "X-Content-Type-Options"
required: true
value: "nosniff"
- header: "X-Frame-Options"
required: true
values: ["DENY", "SAMEORIGIN"]
- header: "Content-Security-Policy"
required: true
pattern: ".*default-src.*"
sensitive_data_exposure:
name: "Sensitive Data in Logs"
description: "Detect potential sensitive data in log statements"
severity: high
category: data_exposure
patterns:
- regex: "(?i)log.*password"
- regex: "(?i)log.*credit.?card"
- regex: "(?i)log.*ssn|social.?security"
- regex: "(?i)console\\.log.*token"
exclude_patterns:
- "password_hash"
- "password_length"
policies:
zero_critical_policy:
name: "Zero Critical Vulnerabilities"
description: "Block deployment if critical vulnerabilities found"
conditions:
- "vulnerabilities.critical == 0"
action: "block_deployment"
dependency_freshness:
name: "Dependency Freshness Policy"
description: "Ensure dependencies are not too old"
conditions:
- "dependencies.high_risk.age <= 30d"
- "dependencies.outdated.count <= 10"
action: "warn"
code_coverage_gate:
name: "Code Coverage Quality Gate"
description: "Maintain minimum code coverage"
conditions:
- "code_coverage.line >= 80"
- "code_coverage.branch >= 70"
action: "warn"
Integraciones y extensiones personalizadas
# custom_aikido_integration.py
import requests
import json
from typing import Dict, List, Optional
class AikidoCustomIntegration:
def __init__(self, api_token: str, base_url: str = "https://api.aikido.dev/v1"):
self.api_token = api_token
self.base_url = base_url
self.headers = {
"Authorization": f"Bearer {api_token}",
"Content-Type": "application/json"
}
def create_custom_scan_profile(self, profile_data: Dict) -> Dict:
"""Create a custom scan profile"""
response = requests.post(
f"{self.base_url}/scan-profiles",
headers=self.headers,
json=profile_data
)
return response.json()
def bulk_vulnerability_update(self, updates: List[Dict]) -> Dict:
"""Bulk update vulnerability status"""
response = requests.patch(
f"{self.base_url}/vulnerabilities/bulk",
headers=self.headers,
json={"updates": updates}
)
return response.json()
def generate_custom_report(self, report_config: Dict) -> bytes:
"""Generate custom security report"""
response = requests.post(
f"{self.base_url}/reports/custom",
headers=self.headers,
json=report_config
)
return response.content
def sync_with_jira(self, project_id: str, jira_config: Dict) -> Dict:
"""Synchronize vulnerabilities with Jira"""
vulnerabilities = self.get_vulnerabilities(project_id, severity=["high", "critical"])
jira_tickets = []
for vuln in vulnerabilities:
if not vuln.get('jira_ticket_id'):
ticket = self.create_jira_ticket(vuln, jira_config)
jira_tickets.append(ticket)
# Update vulnerability with Jira ticket ID
self.update_vulnerability(vuln['id'], {'jira_ticket_id': ticket['id']})
return {"created_tickets": len(jira_tickets), "tickets": jira_tickets}
def compliance_dashboard_data(self, frameworks: List[str]) -> Dict:
"""Get compliance dashboard data for multiple frameworks"""
compliance_data = {}
for framework in frameworks:
response = requests.get(
f"{self.base_url}/compliance/{framework}/status",
headers=self.headers
)
compliance_data[framework] = response.json()
return compliance_data
def automated_remediation_suggestions(self, vulnerability_id: str) -> Dict:
"""Get AI-powered remediation suggestions"""
response = requests.get(
f"{self.base_url}/vulnerabilities/{vulnerability_id}/remediation",
headers=self.headers,
params={"include_ai_suggestions": True}
)
return response.json()
# Usage example
integration = AikidoCustomIntegration("your_api_token")
# Create custom scan profile for microservices
microservice_profile = {
"name": "Microservice Security Profile",
"description": "Optimized for containerized microservices",
"rules": {
"container_security": True,
"api_security": True,
"service_mesh_security": True,
"secrets_management": True
},
"scan_intensity": "high",
"compliance_frameworks": ["owasp-top10", "nist-csf"]
}
profile = integration.create_custom_scan_profile(microservice_profile)
print(f"Created scan profile: {profile['id']}")
# Bulk update vulnerability status
vulnerability_updates = [
{"id": "vuln-123", "status": "resolved", "resolution": "patched"},
{"id": "vuln-456", "status": "accepted_risk", "justification": "Legacy system"},
{"id": "vuln-789", "status": "false_positive", "reason": "Test environment only"}
]
update_result = integration.bulk_vulnerability_update(vulnerability_updates)
print(f"Updated {update_result['updated_count']} vulnerabilities")
Solución de problemas y mejores prácticas
Problemas y soluciones comunes
# Authentication and connectivity issues
aikido auth verify
aikido auth refresh-token
aikido config check-connectivity
# Scan performance optimization
aikido config set scan-timeout 3600
aikido config set max-concurrent-scans 3
aikido config set rate-limit-delay 1000
# False positive management
aikido vulnerabilities mark-false-positive --id vuln-123 --reason "test-data"
aikido vulnerabilities whitelist --pattern "test/*" --reason "test-files"
aikido rules disable --rule-id custom-rule-456 --temporary
# Memory and resource optimization
aikido config set memory-limit 4GB
aikido config set temp-directory /tmp/aikido
aikido cache clear --all
Optimización del rendimiento
# Optimize scan performance
aikido scan code --path ./src --parallel-workers 4
aikido scan code --path ./src --incremental --baseline main
aikido scan code --path ./src --exclude-patterns "*.min.js,*.test.*"
# Dependency scan optimization
aikido scan dependencies --cache-results --cache-duration 24h
aikido scan dependencies --exclude-dev-dependencies
aikido scan dependencies --fast-mode
# Cloud scan optimization
aikido cloud scan aws --regions us-east-1,us-west-2 --services-filter critical
aikido cloud scan azure --resource-groups production --parallel-regions
aikido cloud scan gcp --projects production-* --skip-inactive-resources
Prácticas óptimas de seguridad
# Secure API token management
aikido auth rotate-token --schedule monthly
aikido auth list-tokens --show-last-used
aikido auth revoke-token --token-id old-token-123
# Audit and compliance
aikido audit enable --log-all-actions
aikido audit export --format json --period last-30-days
aikido compliance validate --framework pci-dss --auto-remediate
# Data protection and privacy
aikido config set data-retention 90d
aikido config set anonymize-sensitive-data true
aikido config set encrypt-at-rest true
Vigilancia y mantenimiento
# System health monitoring
aikido system health-check
aikido system performance-metrics
aikido system resource-usage
# Regular maintenance tasks
aikido maintenance cleanup-old-scans --older-than 90d
aikido maintenance optimize-database
aikido maintenance update-vulnerability-database
# Backup and disaster recovery
aikido backup create --include-config --include-scan-history
aikido backup restore --backup-id backup-456 --verify-integrity
aikido backup schedule --frequency weekly --retention 12w