Show HN: Just raised $17M for a no BS application security platform
Hello Hacker News! We’re Willem, Roeland, Felix and Madeline from Aikido Security (https://aikido.dev/). We’re building a “no BS” application security platform. It’s the platform we wish existed, but couldn’t find.
Willem, our CTO, had to manage (application) security at many of his previous startups, and honestly, hated it. Most security tools we had to use made us feel dumb. They were super complex and riddled with false positives. Their platform was behind the “book a demo” button. They had intransparent pricing models and honestly charged us way too much.
We think most of these platforms are built for the buyer at corporate companies, the CISO, not for the user, the developer. The people that actually need to use it.
So we built a platform that brings all the security scanners you need to secure your app into one. We’ve built the app to be tech agnostic: it connects to your code (GitHub, GitLab, Azure DevOps, Bitbucket, …), cloud (AWS, Azure, GCP, DigitalOcean), Docker images (over 15 different types) & domains (any domain, of course) and scans them for many different types of security issues and vulnerabilities, e.g. open source dependencies, cloud misconfigurations, secrets, static code issues, IaC misconfigurations, surface monitoring issues, license risks, malware, outdated software, …
We’ve been able to do this by leveraging lots of cool open source projects. Great scanners made by awesome communities. (Syft, Gitleaks, Trivy, Grype, Zap, Nuclei, CloudSploit, Checkov, Semgrep, Gosec, Bandit, …) We built on top of those & fixed any gaps (e.g. Bun lockfile support, transitive dependencies for .NET) to make sure we have full coverage. Recently, we also started our own open source runtime security solution to give back to the community: https://github.com/AikidoSec/runtime-node
We’ve got about 300 paying customers right now. And over 3000 companies using us. Transparent, flat free pricing. Simple free plan for anyone to try. It takes 3 minutes to onboard to Aikido: https://app.aikido.dev/login Or you can just try it out with a demo account.
Would love to know your thoughts and questions in the comments!
TC article: https://techcrunch.com/2024/05/01/belgiums-aikido-lands-17m-...
What is the purpose of asking for “act on your behalf” permission for GitHub? That doesn’t seem necessary, or shouldn’t for an eval. Sorry, but I don’t trust you (that’s the job, right?).
Hi! That sentence is actually a longstanding bug in the GitHub OAuth screen. (https://github.com/orgs/community/discussions/37117)
Also, if you don't trust us, just use our local scanner... So we never get access to your source code...
Also we're ISO 27001/SOC2 compliant: https://www.aikido.dev/trust-center
And also, here's the process we use to make sure your code is never saved longer than necessary: https://help.aikido.dev/en/articles/6976661-aikido-never-sto...
Congrats! This is useful. Back when I was CTO of a SaaS this required a patchwork of solutions and a lot of thought.
Thanks Steven! Would love to get your feedback!
I really like the design of the site, whoever made it did a really good job in my opinion.
Thanks! Can always connect you if you're interested. ;-)
Hi, how do I reach out to you!
I see you had a similar comment 3 times in the last month. The easiest is probably clicking the 'contact' link on their website.
That's correct. :)
Yeah, I should stop that habit! My apologies.