Aikido Security Cheat Sheet
Overview
Aikido Security provides end-to-end code-to-cloud security platform designed for continuous VAPT (Vulnerability Assessment and Penetration Testing) and seamless integration into developer workflows. It combines static analysis, dynamic testing, dependency scanning, and cloud security monitoring in a unified platform optimized for modern DevSecOps practices.
⚠️ Note: Commercial platform with free tier for small teams. Enterprise pricing available for larger organizations.
Getting Started
Account Setup and Onboarding
# Initial setup process:
# 1. Sign up at aikido.dev
# 2. Verify email and complete profile
# 3. Create organization workspace
# 4. Install Aikido CLI tool
# 5. Connect first repository
# 6. Configure initial security policies
# CLI installation
npm install -g @aikidosec/cli
# or
curl -sSL https://get.aikido.dev | sh
# Verify installation
aikido --version
aikido auth login
Workspace Configuration
# Initialize Aikido in project
aikido init
# Configure project settings
aikido config set project-name "my-application"
aikido config set environment "production"
aikido config set scan-schedule "daily"
# Set up authentication
aikido auth configure --token YOUR_API_TOKEN
aikido auth verify
# Check workspace status
aikido status
aikido info
Code Security Analysis
Static Application Security Testing (SAST)
# Run comprehensive code analysis
aikido scan code --path ./src --language javascript
aikido scan code --path ./src --language python --deep-analysis
aikido scan code --path ./src --language java --include-tests
# Language-specific scanning
aikido scan javascript --path ./src --frameworks react,express
aikido scan python --path ./src --frameworks django,flask
aikido scan java --path ./src --frameworks spring,struts
aikido scan csharp --path ./src --frameworks dotnet,mvc
aikido scan php --path ./src --frameworks laravel,symfony
# Custom rule configuration
aikido scan code --rules-file custom-rules.yaml
aikido scan code --exclude-rules "low-severity"
aikido scan code --include-rules "owasp-top10"
Code Quality and Security Rules
# aikido-rules.yaml
rules:
security:
sql_injection:
enabled: true
severity: high
patterns:
- "SELECT.*FROM.*WHERE.*=.*\\$"
- "INSERT.*INTO.*VALUES.*\\$"
xss_vulnerabilities:
enabled: true
severity: high
patterns:
- "innerHTML.*=.*user"
- "document.write.*user"
hardcoded_secrets:
enabled: true
severity: critical
patterns:
- "password\\s*=\\s*['\"][^'\"]{8,}['\"]"
- "api[_-]?key\\s*=\\s*['\"][^'\"]{16,}['\"]"
quality:
code_complexity:
enabled: true
max_cyclomatic_complexity: 10
max_function_length: 50
maintainability:
enabled: true
max_file_length: 500
require_documentation: true
exclusions:
paths:
- "node_modules/"
- "vendor/"
- "*.test.js"
- "*.spec.py"
rules:
- "test-specific-rule"
- "legacy-code-exception"
Dependency and Supply Chain Security
# Scan dependencies for vulnerabilities
aikido scan dependencies --package-file package.json
aikido scan dependencies --package-file requirements.txt
aikido scan dependencies --package-file pom.xml
aikido scan dependencies --package-file composer.json
# Advanced dependency analysis
aikido scan dependencies --include-dev-dependencies
aikido scan dependencies --check-licenses
aikido scan dependencies --supply-chain-analysis
aikido scan dependencies --malware-detection
# Dependency update recommendations
aikido dependencies update-check
aikido dependencies security-advisories
aikido dependencies license-compliance
aikido dependencies outdated-packages
# Generate dependency reports
aikido dependencies report --format json
aikido dependencies report --format csv
aikido dependencies report --format sbom # Software Bill of Materials
Dynamic Application Security Testing (DAST)
Web Application Scanning
# Configure web application target
aikido target add web --url https://app.example.com
aikido target add web --url https://api.example.com --type api
aikido target add web --url https://staging.example.com --environment staging
# Authentication setup for DAST
aikido auth web configure --url https://app.example.com \
--login-url /login \
--username testuser \
--password testpass \
--success-indicator "Dashboard"
# OAuth/OIDC authentication
aikido auth web configure --url https://app.example.com \
--auth-type oauth2 \
--client-id YOUR_CLIENT_ID \
--client-secret YOUR_CLIENT_SECRET \
--scope "read write"
# API key authentication
aikido auth api configure --url https://api.example.com \
--auth-type api-key \
--header "X-API-Key" \
--value YOUR_API_KEY
Comprehensive DAST Scanning
# Quick security scan
aikido scan web --url https://app.example.com --quick
aikido scan web --url https://app.example.com --owasp-top10
# Full comprehensive scan
aikido scan web --url https://app.example.com --comprehensive
aikido scan web --url https://app.example.com --deep-crawl
aikido scan web --url https://app.example.com --business-logic
# API-specific scanning
aikido scan api --url https://api.example.com --openapi-spec api-spec.yaml
aikido scan api --url https://api.example.com --graphql
aikido scan api --url https://api.example.com --rest-endpoints
# Custom scan configuration
aikido scan web --url https://app.example.com \
--max-depth 5 \
--max-pages 1000 \
--exclude-paths "/admin/*,/internal/*" \
--include-forms \
--test-file-uploads
Advanced DAST Features
# Single Page Application (SPA) scanning
aikido scan spa --url https://app.example.com \
--framework react \
--wait-for-js \
--capture-screenshots
# Mobile application scanning
aikido scan mobile --app-file app.apk --platform android
aikido scan mobile --app-file app.ipa --platform ios
aikido scan mobile --url https://m.example.com --mobile-web
# Authenticated scanning with session management
aikido scan web --url https://app.example.com \
--maintain-session \
--session-timeout 30m \
--re-authenticate-on-failure
# Performance-aware scanning
aikido scan web --url https://app.example.com \
--rate-limit 10 \
--concurrent-requests 5 \
--respect-robots-txt \
--polite-mode
Cloud Security Monitoring
Multi-Cloud Infrastructure Scanning
# AWS cloud security assessment
aikido cloud connect aws --access-key YOUR_ACCESS_KEY \
--secret-key YOUR_SECRET_KEY \
--region us-east-1
aikido cloud scan aws --account-id 123456789012 \
--services ec2,s3,rds,iam,vpc \
--compliance-frameworks cis,nist
# Azure cloud security assessment
aikido cloud connect azure --subscription-id YOUR_SUBSCRIPTION_ID \
--client-id YOUR_CLIENT_ID \
--client-secret YOUR_CLIENT_SECRET \
--tenant-id YOUR_TENANT_ID
aikido cloud scan azure --subscription YOUR_SUBSCRIPTION_ID \
--services vm,storage,sql,keyvault,network \
--compliance-frameworks cis,iso27001
# Google Cloud Platform assessment
aikido cloud connect gcp --project-id YOUR_PROJECT_ID \
--service-account-key service-account.json
aikido cloud scan gcp --project-id YOUR_PROJECT_ID \
--services compute,storage,sql,iam,network \
--compliance-frameworks cis,nist
Container and Kubernetes Security
# Container image scanning
aikido scan container --image nginx:latest
aikido scan container --image myapp:v1.0 --dockerfile Dockerfile
aikido scan container --image-tar myapp.tar
# Kubernetes cluster security assessment
aikido scan k8s --kubeconfig ~/.kube/config
aikido scan k8s --namespace production --all-workloads
aikido scan k8s --cluster-name prod-cluster --compliance cis-k8s
# Docker Compose security analysis
aikido scan compose --file docker-compose.yml
aikido scan compose --file docker-compose.prod.yml --environment production
# Container registry scanning
aikido scan registry --url registry.example.com \
--username registry_user \
--password registry_pass \
--scan-all-tags
Infrastructure as Code (IaC) Security
# Terraform security scanning
aikido scan terraform --path ./terraform
aikido scan terraform --file main.tf --plan terraform.plan
aikido scan terraform --state terraform.tfstate
# CloudFormation template scanning
aikido scan cloudformation --template template.yaml
aikido scan cloudformation --stack-name my-stack --region us-east-1
# Ansible playbook security analysis
aikido scan ansible --playbook site.yml
aikido scan ansible --inventory inventory.ini --check-vault
# Helm chart security scanning
aikido scan helm --chart ./mychart
aikido scan helm --chart-name nginx --repo stable
CI/CD Integration and Automation
Pipeline Integration
# GitHub Actions integration
name: Aikido Security Scan
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Aikido CLI
run: |
npm install -g @aikidosec/cli
aikido auth configure --token ${{ secrets.AIKIDO_TOKEN }}
- name: Code Security Scan
run: |
aikido scan code --path ./src --format json > code-results.json
aikido scan dependencies --package-file package.json --format json > deps-results.json
- name: Infrastructure Scan
run: |
aikido scan terraform --path ./infrastructure --format json > iac-results.json
- name: Upload Results
uses: actions/upload-artifact@v3
with:
name: security-scan-results
path: |
code-results.json
deps-results.json
iac-results.json
- name: Quality Gate
run: |
aikido quality-gate --threshold critical:0,high:5,medium:20
Jenkins Pipeline Integration
// Jenkinsfile
pipeline {
agent any
environment {
AIKIDO_TOKEN = credentials('aikido-api-token')
}
stages {
stage('Checkout') {
steps {
checkout scm
}
}
stage('Security Scan') {
parallel {
stage('Code Analysis') {
steps {
sh '''
aikido scan code --path ./src --format json > code-scan.json
aikido scan dependencies --package-file package.json --format json > deps-scan.json
'''
}
}
stage('Infrastructure Scan') {
steps {
sh '''
aikido scan terraform --path ./terraform --format json > iac-scan.json
aikido scan docker --dockerfile Dockerfile --format json > container-scan.json
'''
}
}
}
}
stage('Security Gate') {
steps {
script {
def scanResults = sh(
script: 'aikido quality-gate --threshold critical:0,high:3 --format json',
returnStdout: true
).trim()
def results = readJSON text: scanResults
if (results.gate_status == 'failed') {
error("Security quality gate failed: ${results.violations} violations found")
}
}
}
}
stage('Deploy') {
when {
branch 'main'
}
steps {
echo 'Deploying application...'
// Deployment steps here
}
}
}
post {
always {
archiveArtifacts artifacts: '*-scan.json', fingerprint: true
publishHTML([
allowMissing: false,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: '.',
reportFiles: 'security-report.html',
reportName: 'Aikido Security Report'
])
}
}
}
GitLab CI Integration
# .gitlab-ci.yml
stages:
- security-scan
- quality-gate
- deploy
variables:
AIKIDO_TOKEN: $AIKIDO_API_TOKEN
security-scan:
stage: security-scan
image: node:18
before_script:
- npm install -g @aikidosec/cli
- aikido auth configure --token $AIKIDO_TOKEN
script:
- aikido scan code --path ./src --format json > code-scan.json
- aikido scan dependencies --package-file package.json --format json > deps-scan.json
- aikido scan terraform --path ./infrastructure --format json > iac-scan.json
artifacts:
reports:
security:
- code-scan.json
- deps-scan.json
- iac-scan.json
expire_in: 1 week
quality-gate:
stage: quality-gate
image: node:18
dependencies:
- security-scan
before_script:
- npm install -g @aikidosec/cli
- aikido auth configure --token $AIKIDO_TOKEN
script:
- aikido quality-gate --threshold critical:0,high:5,medium:20
allow_failure: false
deploy:
stage: deploy
script:
- echo "Deploying application..."
only:
- main
dependencies:
- quality-gate
Continuous Monitoring and Alerting
Real-time Security Monitoring
# Enable continuous monitoring
aikido monitor enable --targets all
aikido monitor enable --target web:https://app.example.com
aikido monitor enable --target api:https://api.example.com
# Configure monitoring schedules
aikido monitor schedule --target web:https://app.example.com \
--frequency daily \
--time "02:00" \
--timezone "UTC"
aikido monitor schedule --target api:https://api.example.com \
--frequency hourly \
--business-hours-only
# Real-time vulnerability monitoring
aikido monitor vulnerabilities --real-time
aikido monitor dependencies --auto-update-check
aikido monitor cloud --compliance-drift-detection
Alert Configuration and Management
# Configure alert channels
aikido alerts add slack --webhook-url https://hooks.slack.com/services/...
aikido alerts add email --recipients security@example.com,dev@example.com
aikido alerts add webhook --url https://api.example.com/security/alerts
aikido alerts add pagerduty --integration-key YOUR_INTEGRATION_KEY
# Alert severity and conditions
aikido alerts configure --severity critical --immediate
aikido alerts configure --severity high --within 1h
aikido alerts configure --severity medium --daily-digest
aikido alerts configure --severity low --weekly-summary
# Custom alert rules
aikido alerts rule create --name "Critical API Vulnerabilities" \
--condition "severity=critical AND target_type=api" \
--action "slack,email,pagerduty"
aikido alerts rule create --name "New Dependency Vulnerabilities" \
--condition "type=dependency AND age<24h" \
--action "slack,email"
# Alert suppression and management
aikido alerts suppress --vulnerability-id CVE-2023-1234 --duration 7d
aikido alerts acknowledge --alert-id 12345 --assignee john.doe
aikido alerts escalate --alert-id 12345 --to security-team
Compliance and Governance
# Compliance framework configuration
aikido compliance enable --framework owasp-top10
aikido compliance enable --framework pci-dss
aikido compliance enable --framework iso27001
aikido compliance enable --framework nist-csf
aikido compliance enable --framework sox
# Policy enforcement
aikido policy create --name "Critical Vulnerability SLA" \
--rule "critical_vulnerabilities.remediation_time <= 24h"
aikido policy create --name "Dependency Update Policy" \
--rule "high_risk_dependencies.age <= 7d"
aikido policy create --name "Code Quality Gate" \
--rule "code_coverage >= 80% AND security_issues.critical == 0"
# Governance reporting
aikido governance report --framework pci-dss --period quarterly
aikido governance report --framework iso27001 --period annual
aikido governance dashboard --compliance-overview
API and Automation
REST API Usage
# Authentication
export AIKIDO_API_TOKEN="your_api_token_here"
# Get organization information
curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \
https://api.aikido.dev/v1/organizations
# List all projects
curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \
https://api.aikido.dev/v1/projects
# Get vulnerability summary
curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \
https://api.aikido.dev/v1/vulnerabilities/summary
# Start a new scan
curl -X POST \
-H "Authorization: Bearer $AIKIDO_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{"target": "https://app.example.com", "scan_type": "comprehensive"}' \
https://api.aikido.dev/v1/scans
# Get scan results
curl -H "Authorization: Bearer $AIKIDO_API_TOKEN" \
https://api.aikido.dev/v1/scans/12345/results
Python SDK Usage
# Install Aikido Python SDK
# pip install aikido-security
from aikido import AikidoClient
import json
# Initialize client
client = AikidoClient(api_token="your_api_token_here")
# Get organization info
org_info = client.organizations.get_current()
print(f"Organization: {org_info['name']}")
# List projects
projects = client.projects.list()
for project in projects:
print(f"Project: {project['name']} - {project['status']}")
# Start a code scan
scan_config = {
"project_id": "project-123",
"scan_type": "code",
"path": "./src",
"language": "javascript"
}
scan = client.scans.create(scan_config)
print(f"Scan started: {scan['id']}")
# Wait for scan completion
scan_result = client.scans.wait_for_completion(scan['id'], timeout=1800)
# Get vulnerabilities
vulnerabilities = client.vulnerabilities.list(
project_id="project-123",
severity=["critical", "high"]
)
print(f"Found {len(vulnerabilities)} high/critical vulnerabilities:")
for vuln in vulnerabilities:
print(f"- {vuln['title']} ({vuln['severity']})")
# Generate report
report = client.reports.generate(
project_id="project-123",
format="pdf",
include_remediation=True
)
with open("security_report.pdf", "wb") as f:
f.write(report)
# Manage alerts
alerts = client.alerts.list(status="open")
for alert in alerts:
if alert['severity'] == 'critical':
# Acknowledge critical alerts
client.alerts.acknowledge(alert['id'], assignee="security-team")
# Send to incident management
incident_data = {
"title": f"Critical Security Alert: {alert['title']}",
"description": alert['description'],
"severity": "high",
"source": "aikido-security"
}
# Integration with incident management system
# incident_system.create_incident(incident_data)
Webhook Integration
# Webhook handler example (Flask)
from flask import Flask, request, jsonify
import hmac
import hashlib
import json
app = Flask(__name__)
WEBHOOK_SECRET = "your_webhook_secret"
def verify_signature(payload, signature):
"""Verify webhook signature"""
expected_signature = hmac.new(
WEBHOOK_SECRET.encode(),
payload,
hashlib.sha256
).hexdigest()
return hmac.compare_digest(f"sha256={expected_signature}", signature)
@app.route('/aikido-webhook', methods=['POST'])
def handle_aikido_webhook():
# Verify signature
signature = request.headers.get('X-Aikido-Signature')
if not verify_signature(request.data, signature):
return jsonify({"error": "Invalid signature"}), 401
# Parse webhook data
data = request.json
event_type = data.get('event_type')
if event_type == 'vulnerability_found':
handle_vulnerability_found(data)
elif event_type == 'scan_completed':
handle_scan_completed(data)
elif event_type == 'compliance_violation':
handle_compliance_violation(data)
return jsonify({"status": "processed"}), 200
def handle_vulnerability_found(data):
"""Handle new vulnerability discovery"""
vulnerability = data['vulnerability']
if vulnerability['severity'] == 'critical':
# Send immediate alert
send_critical_alert(vulnerability)
# Create incident ticket
create_incident_ticket(vulnerability)
# Notify security team
notify_security_team(vulnerability)
def handle_scan_completed(data):
"""Handle scan completion"""
scan = data['scan']
# Update dashboard
update_security_dashboard(scan)
# Generate report if needed
if scan['vulnerabilities']['critical'] > 0:
generate_executive_report(scan)
def handle_compliance_violation(data):
"""Handle compliance violations"""
violation = data['violation']
# Log compliance event
log_compliance_event(violation)
# Notify compliance team
notify_compliance_team(violation)
# Update compliance dashboard
update_compliance_status(violation)
if __name__ == '__main__':
app.run(host='0.0.0.0', port=5000)
Advanced Features and Customization
Custom Security Rules and Policies
# custom-security-rules.yaml
rules:
custom_sql_injection:
name: "Advanced SQL Injection Detection"
description: "Detect complex SQL injection patterns"
severity: high
category: injection
patterns:
- regex: "(?i)(union|select|insert|update|delete|drop|create|alter).*['\"].*['\"]"
- regex: "(?i)\\b(or|and)\\s+['\"]?\\d+['\"]?\\s*=\\s*['\"]?\\d+['\"]?"
languages: [javascript, python, php, java, csharp]
api_security_headers:
name: "Missing API Security Headers"
description: "Check for required security headers in API responses"
severity: medium
category: configuration
checks:
- header: "X-Content-Type-Options"
required: true
value: "nosniff"
- header: "X-Frame-Options"
required: true
values: ["DENY", "SAMEORIGIN"]
- header: "Content-Security-Policy"
required: true
pattern: ".*default-src.*"
sensitive_data_exposure:
name: "Sensitive Data in Logs"
description: "Detect potential sensitive data in log statements"
severity: high
category: data_exposure
patterns:
- regex: "(?i)log.*password"
- regex: "(?i)log.*credit.?card"
- regex: "(?i)log.*ssn|social.?security"
- regex: "(?i)console\\.log.*token"
exclude_patterns:
- "password_hash"
- "password_length"
policies:
zero_critical_policy:
name: "Zero Critical Vulnerabilities"
description: "Block deployment if critical vulnerabilities found"
conditions:
- "vulnerabilities.critical == 0"
action: "block_deployment"
dependency_freshness:
name: "Dependency Freshness Policy"
description: "Ensure dependencies are not too old"
conditions:
- "dependencies.high_risk.age <= 30d"
- "dependencies.outdated.count <= 10"
action: "warn"
code_coverage_gate:
name: "Code Coverage Quality Gate"
description: "Maintain minimum code coverage"
conditions:
- "code_coverage.line >= 80"
- "code_coverage.branch >= 70"
action: "warn"
Custom Integrations and Extensions
# custom_aikido_integration.py
import requests
import json
from typing import Dict, List, Optional
class AikidoCustomIntegration:
def __init__(self, api_token: str, base_url: str = "https://api.aikido.dev/v1"):
self.api_token = api_token
self.base_url = base_url
self.headers = {
"Authorization": f"Bearer {api_token}",
"Content-Type": "application/json"
}
def create_custom_scan_profile(self, profile_data: Dict) -> Dict:
"""Create a custom scan profile"""
response = requests.post(
f"{self.base_url}/scan-profiles",
headers=self.headers,
json=profile_data
)
return response.json()
def bulk_vulnerability_update(self, updates: List[Dict]) -> Dict:
"""Bulk update vulnerability status"""
response = requests.patch(
f"{self.base_url}/vulnerabilities/bulk",
headers=self.headers,
json={"updates": updates}
)
return response.json()
def generate_custom_report(self, report_config: Dict) -> bytes:
"""Generate custom security report"""
response = requests.post(
f"{self.base_url}/reports/custom",
headers=self.headers,
json=report_config
)
return response.content
def sync_with_jira(self, project_id: str, jira_config: Dict) -> Dict:
"""Synchronize vulnerabilities with Jira"""
vulnerabilities = self.get_vulnerabilities(project_id, severity=["high", "critical"])
jira_tickets = []
for vuln in vulnerabilities:
if not vuln.get('jira_ticket_id'):
ticket = self.create_jira_ticket(vuln, jira_config)
jira_tickets.append(ticket)
# Update vulnerability with Jira ticket ID
self.update_vulnerability(vuln['id'], {'jira_ticket_id': ticket['id']})
return {"created_tickets": len(jira_tickets), "tickets": jira_tickets}
def compliance_dashboard_data(self, frameworks: List[str]) -> Dict:
"""Get compliance dashboard data for multiple frameworks"""
compliance_data = {}
for framework in frameworks:
response = requests.get(
f"{self.base_url}/compliance/{framework}/status",
headers=self.headers
)
compliance_data[framework] = response.json()
return compliance_data
def automated_remediation_suggestions(self, vulnerability_id: str) -> Dict:
"""Get AI-powered remediation suggestions"""
response = requests.get(
f"{self.base_url}/vulnerabilities/{vulnerability_id}/remediation",
headers=self.headers,
params={"include_ai_suggestions": True}
)
return response.json()
# Usage example
integration = AikidoCustomIntegration("your_api_token")
# Create custom scan profile for microservices
microservice_profile = {
"name": "Microservice Security Profile",
"description": "Optimized for containerized microservices",
"rules": {
"container_security": True,
"api_security": True,
"service_mesh_security": True,
"secrets_management": True
},
"scan_intensity": "high",
"compliance_frameworks": ["owasp-top10", "nist-csf"]
}
profile = integration.create_custom_scan_profile(microservice_profile)
print(f"Created scan profile: {profile['id']}")
# Bulk update vulnerability status
vulnerability_updates = [
{"id": "vuln-123", "status": "resolved", "resolution": "patched"},
{"id": "vuln-456", "status": "accepted_risk", "justification": "Legacy system"},
{"id": "vuln-789", "status": "false_positive", "reason": "Test environment only"}
]
update_result = integration.bulk_vulnerability_update(vulnerability_updates)
print(f"Updated {update_result['updated_count']} vulnerabilities")
Troubleshooting and Best Practices
Common Issues and Solutions
# Authentication and connectivity issues
aikido auth verify
aikido auth refresh-token
aikido config check-connectivity
# Scan performance optimization
aikido config set scan-timeout 3600
aikido config set max-concurrent-scans 3
aikido config set rate-limit-delay 1000
# False positive management
aikido vulnerabilities mark-false-positive --id vuln-123 --reason "test-data"
aikido vulnerabilities whitelist --pattern "test/*" --reason "test-files"
aikido rules disable --rule-id custom-rule-456 --temporary
# Memory and resource optimization
aikido config set memory-limit 4GB
aikido config set temp-directory /tmp/aikido
aikido cache clear --all
Performance Optimization
# Optimize scan performance
aikido scan code --path ./src --parallel-workers 4
aikido scan code --path ./src --incremental --baseline main
aikido scan code --path ./src --exclude-patterns "*.min.js,*.test.*"
# Dependency scan optimization
aikido scan dependencies --cache-results --cache-duration 24h
aikido scan dependencies --exclude-dev-dependencies
aikido scan dependencies --fast-mode
# Cloud scan optimization
aikido cloud scan aws --regions us-east-1,us-west-2 --services-filter critical
aikido cloud scan azure --resource-groups production --parallel-regions
aikido cloud scan gcp --projects production-* --skip-inactive-resources
Security Best Practices
# Secure API token management
aikido auth rotate-token --schedule monthly
aikido auth list-tokens --show-last-used
aikido auth revoke-token --token-id old-token-123
# Audit and compliance
aikido audit enable --log-all-actions
aikido audit export --format json --period last-30-days
aikido compliance validate --framework pci-dss --auto-remediate
# Data protection and privacy
aikido config set data-retention 90d
aikido config set anonymize-sensitive-data true
aikido config set encrypt-at-rest true
Monitoring and Maintenance
# System health monitoring
aikido system health-check
aikido system performance-metrics
aikido system resource-usage
# Regular maintenance tasks
aikido maintenance cleanup-old-scans --older-than 90d
aikido maintenance optimize-database
aikido maintenance update-vulnerability-database
# Backup and disaster recovery
aikido backup create --include-config --include-scan-history
aikido backup restore --backup-id backup-456 --verify-integrity
aikido backup schedule --frequency weekly --retention 12w