
Aikido Security
This plugin runs SAST analysis and secrets detection as you write, catching hardcoded credentials and infrastructure misconfigurations before they ship. It watches file edits and incremental saves, parses source files and config files, and flags risky code patterns inline. It supports JavaScript, TypeScript, Python, Go, Java, Dockerfiles, Terraform and Kubernetes YAML.
Aikido Security detects leaked API keys, AWS/Azure/GCP credentials, private SSH keys, and common insecure patterns like SQL concatenation or unsafe deserialization. It annotates the exact lines, explains the issue, maps to CWE where applicable, and generates suggested code fixes or quick patch diffs you can apply. It also offers ignore comments and configurable rules so teams can tune noise.
The integration exposes results in your editor and in pre-commit flows, and connects to your repo for context-aware checks so findings include file history and recent commits. It runs fast incremental scans so you get feedback before you hit commit or open a pull request, and it links to the GitHub repo for rule details and contributions.
In a real scenario, a developer typing a Terraform change sees an inline alert for a publicly exposed S3 ACL and a detected hardcoded AWS key, accepts the suggested patch to replace the key with a reference to a managed secret, and avoids switching to a separate scanner UI or delaying a PR to fix issues later.
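The Terraform scenario above, as an added illustration of what such an inline check does (this is example code written for this page, not Aikido's own scanner): a constructed snippet carries a hardcoded AWS key pair and a public S3 ACL; the scanner reports the offending lines with a CWE tag and a suggested replacement line, and applying those suggestions clears the findings. The AKIA/ASIA prefix pattern and the `var.aws_*` replacement are assumptions chosen for the example.

```python
import re

# Constructed Terraform snippet (not from the page) carrying both issues.
# The credential values are the placeholder keys from AWS documentation.
SAMPLE_TF = """\
provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}

resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "public-read"
}
"""

# AWS access key IDs are 20 chars with a fixed prefix (assumption: AKIA/ASIA only)
AWS_ACCESS_KEY_ID = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
# Provider attributes that should never hold a literal string
SECRET_ATTRS = re.compile(r'^\s*(access_key|secret_key)\s*=\s*"([^"]+)"')
# Canned ACLs that grant anonymous or any-authenticated-user access
PUBLIC_ACL = re.compile(r'^\s*acl\s*=\s*"(public-read|public-read-write|authenticated-read)"')


def scan_terraform(text):
    """Return (line_no, rule, suggested_replacement_line) for each finding."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = SECRET_ATTRS.match(line)
        if m and (m.group(1) == "secret_key" or AWS_ACCESS_KEY_ID.search(m.group(2))):
            # Keep the attribute and '=' spacing, swap the literal for a variable reference
            fix = line[: m.start(2) - 1] + f"var.aws_{m.group(1)}"
            findings.append((n, "CWE-798 hardcoded credential", fix))
            continue
        m = PUBLIC_ACL.match(line)
        if m:
            findings.append((n, "public S3 ACL", line.replace(m.group(1), "private")))
    return findings


def apply_fixes(text, findings):
    """Apply the suggested lines, mirroring an accepted quick patch."""
    lines = text.splitlines()
    for n, _rule, fix in findings:
        lines[n - 1] = fix
    return "\n".join(lines) + "\n"
```

Rescanning the patched text returns no findings, which is the check an editor integration would use to mark the alert resolved.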
Without this tool
- ✗ AI lacks security awareness during coding
- ✗ Vulnerabilities introduced unknowingly
- ✗ No runtime security feedback
With this tool
- ✓ AI integrates security scanning into workflow
- ✓ Detects vulnerabilities during generation
- ✓ Safer production-ready code output