Aikido Software Composition Analysis is a tool that scans open-source dependencies for vulnerabilities across multiple programming languages and package managers. The tool integrates with Git systems including GitHub, GitLab, Bitbucket, Azure DevOps, and GitLab Self-Managed to analyze dependency files and lockfiles. The scanner checks vulnerability databases including NVD and GitHub Advisory Database, supplemented by Aikido Intel which identifies silently patched vulnerabilities and issues without CVEs. The tool includes reachability analysis to determine if vulnerable functions are actually used in the codebase, helping to reduce false positives. Aikido provides automated remediation through AutoFix, which creates pull requests to update vulnerable packages while attempting to avoid breaking changes. The tool includes malware detection capabilities for npm packages, scanning for backdoors, trojans, keyloggers, XSS, and cryptojacking scripts. The platform generates Software Bill of Materials (SBOM) in CycloneDX and SPDX formats for both code repositories and containers. It provides deduplication of vulnerability findings across repositories and offers compliance support for SOC 2 and ISO 27001 frameworks. The tool supports multiple dependency file formats including .csproj files and provides a local scanner option in addition to Git system integrations. Vulnerability findings include remediation guidance and impact analysis.