Aikido Container Image Scanning

Aikido Container Image Scanning is a container security tool that scans Docker and Kubernetes container images for vulnerabilities. The tool detects CVEs in open-source packages, identifies end-of-life runtimes, and scans for malware and license risks across base images, Dockerfile commands, and Kubernetes workloads. The platform includes a reachability analysis engine that determines if vulnerable functions are actually used in the code to reduce false positives. It provides automated triaging through instant deduplication and auto-ignore rules that filter out non-critical findings. The tool adapts severity scores based on environment context such as staging versus production deployments. Aikido offers an AutoFix feature that generates pull requests to remediate vulnerabilities in container images by updating base images or dependencies. The system indicates how many issues will be resolved and whether new issues might be introduced. It supports pre-hardened base images for enhanced security. The scanner integrates with multiple container registries including Docker Hub, AWS ECR, Google Container Registry, Azure Container Registry, GitLab Container Registry, DigitalOcean, Red Hat Quay, JFrog Artifactory, Scaleway, Cloudsmith, GitHub Container Registry, and Harbor. It provides visibility into container dependencies and helps organizations maintain compliance by identifying outdated software components.