Overview

Aikido Security is a continuous security scanning platform that covers code vulnerabilities, exposed secrets, open source dependencies, container images, and cloud misconfigurations. The Pwnbook integration imports Aikido findings into your engagements for unified triage and remediation tracking.

Prerequisites

  • An Aikido Security account
  • An Aikido API token
  • Admin or Owner access in Pwnbook to configure the integration

Credentials required

Field        Description
API Token    An Aikido API key. Generate one in Aikido Settings → API.

Setup

Step 1: Generate an Aikido API token

  1. Log in to your Aikido account at app.aikido.dev.
  2. Go to Settings → API Access.
  3. Click Generate API Key.
  4. Copy the key — Aikido shows it only once.
Store the key securely. If you lose it, you’ll need to generate a new one.

Step 2: Configure the integration in Pwnbook

  1. Go to Organization Settings → Marketplace → Aikido Security.
  2. Click Configure.
  3. Enter your API Token.
  4. Click Save & Test to verify the connection.

What gets synced

Aikido findings pulled into Pwnbook include:
Field                  Description
Finding ID             Aikido’s internal finding identifier
Severity               Critical, high, medium, low, informational
Description            Human-readable explanation of the vulnerability
Source location        File path and line range where the issue was found
CVE ID                 Common Vulnerabilities and Exposures identifier (where applicable)
CVSS score             Base score and vector string
Package info           Package name and version for dependency issues
Attack vector          Network, adjacent, local, or physical
Attack complexity      Low or high
Privileges required    None, low, or high
Remediation guidance   Suggested fix or upgrade path

Finding categories

Aikido findings are organized into categories in Pwnbook:
  • Vulnerabilities — Code-level security flaws
  • Secrets — Exposed credentials and API tokens in source code
  • Supply Chain — Vulnerable open source dependencies
  • Container — Image and base OS vulnerabilities
  • Cloud — AWS/GCP/Azure misconfigurations (if cloud scanning is enabled in Aikido)

Viewing findings in Pwnbook

Synced Aikido findings appear under Security Findings → Aikido in the engagement. You can:
  • Browse findings by severity, category, and repository
  • View full finding detail including CVSS vectors and remediation
  • Select multiple findings for bulk operations (assign to task, mark resolved)
  • Link findings to threat model threats

Refreshing findings

To pull the latest data from Aikido:
  1. Go to Security Findings → Aikido.
  2. Click Refresh.
New or updated findings are merged with existing data; resolved findings are marked accordingly.
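The field list under "What gets synced" and the merge behaviour described for Refresh are illustrated below in an added Python example. It is not Pwnbook or Aikido code: the raw record shape (keys such as "id", "severity", "cvss_vector"), the sample findings and the CVE placeholder are all constructed for the example and are not Aikido's real API schema. It shows how the attack vector, attack complexity and privileges required fields can be derived from the CVSS v3.x vector string, how findings without a vector (for example exposed secrets) are handled, and how a fresh pull is merged so that new findings are added, existing ones updated, and findings no longer reported are marked resolved.

```python
"""Added example (not Pwnbook or Aikido code): normalise constructed
Aikido-style findings and merge a fresh pull into a local store.
The record keys and sample data below are hypothetical, not Aikido's schema."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Severity levels and categories exactly as listed on this page.
SEVERITIES = ("critical", "high", "medium", "low", "informational")
CATEGORIES = ("Vulnerabilities", "Secrets", "Supply Chain", "Container", "Cloud")

# CVSS v3.x metric abbreviations mapped to the labels shown in the field table.
_ATTACK_VECTOR = {"N": "network", "A": "adjacent", "L": "local", "P": "physical"}
_ATTACK_COMPLEXITY = {"L": "low", "H": "high"}
_PRIVILEGES = {"N": "none", "L": "low", "H": "high"}


def parse_cvss_vector(vector: Optional[str]) -> Dict[str, Optional[str]]:
    """Derive attack vector, complexity and privileges from a CVSS v3.x vector.
    Findings with no vector (e.g. a leaked secret) get None for all three."""
    empty = {"attack_vector": None, "attack_complexity": None,
             "privileges_required": None}
    if not vector or not vector.startswith("CVSS:3."):
        return empty
    metrics = {}
    for part in vector.split("/")[1:]:          # skip the "CVSS:3.x" prefix
        key, _, value = part.partition(":")
        metrics[key] = value
    return {
        "attack_vector": _ATTACK_VECTOR.get(metrics.get("AV", "")),
        "attack_complexity": _ATTACK_COMPLEXITY.get(metrics.get("AC", "")),
        "privileges_required": _PRIVILEGES.get(metrics.get("PR", "")),
    }


@dataclass
class Finding:
    finding_id: str
    severity: str
    category: str
    description: str
    status: str = "open"
    cvss_vector: Optional[str] = None
    cve_id: Optional[str] = None
    package: Optional[str] = None
    attack_vector: Optional[str] = None
    attack_complexity: Optional[str] = None
    privileges_required: Optional[str] = None


def normalize_finding(raw: Dict) -> Finding:
    """Map a raw record (hypothetical shape) onto the synced fields. Records
    with a severity or category outside the page's lists are rejected so a
    malformed pull cannot create unclassifiable findings."""
    severity = str(raw.get("severity", "")).lower()
    if severity not in SEVERITIES:
        raise ValueError(f"unknown severity {raw.get('severity')!r}")
    category = raw.get("category")
    if category not in CATEGORIES:
        raise ValueError(f"unknown category {category!r}")
    vector = raw.get("cvss_vector")
    return Finding(finding_id=raw["id"], severity=severity, category=category,
                   description=raw.get("description", ""), cvss_vector=vector,
                   cve_id=raw.get("cve_id"), package=raw.get("package"),
                   **parse_cvss_vector(vector))


def merge_refresh(existing: Dict[str, Finding], pulled: List[Dict]) -> Dict[str, int]:
    """Apply a fresh pull to the store in place. New IDs are added as open,
    IDs still reported are refreshed but keep their triage status, and IDs
    absent from the pull are marked resolved. Returns counts for an audit log."""
    counts = {"added": 0, "updated": 0, "resolved": 0}
    seen = set()
    for raw in pulled:
        fresh = normalize_finding(raw)
        seen.add(fresh.finding_id)
        prior = existing.get(fresh.finding_id)
        if prior is None:
            counts["added"] += 1
        else:
            fresh.status = prior.status          # preserve the analyst's decision
            counts["updated"] += 1
        existing[fresh.finding_id] = fresh
    for fid, finding in existing.items():
        if fid not in seen and finding.status != "resolved":
            finding.status = "resolved"
            counts["resolved"] += 1
    return counts


# Constructed sample pull; the CVE value is a placeholder, not a real identifier.
SAMPLE_PULL = [
    {"id": "f-001", "severity": "High", "category": "Supply Chain",
     "description": "Vulnerable dependency version", "cve_id": "CVE-PLACEHOLDER",
     "package": "example-lib@1.2.3",
     "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},
    {"id": "f-002", "severity": "critical", "category": "Secrets",
     "description": "Hard-coded API token in source"},        # no CVSS vector
    {"id": "f-003", "severity": "medium", "category": "Container",
     "description": "Outdated base image package",
     "cvss_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},
]


def run_demo():
    """First sync, an analyst resolves f-002, then a pull where f-003 is gone."""
    store: Dict[str, Finding] = {}
    first = merge_refresh(store, SAMPLE_PULL)
    store["f-002"].status = "resolved"            # triage action in Pwnbook
    second = merge_refresh(store, SAMPLE_PULL[:2])
    return first, second, store


if __name__ == "__main__":
    print(run_demo()[:2])
```

The design choice worth noting is that a refresh never overwrites a status set by an analyst: a finding Aikido still reports stays resolved if someone marked it resolved, while a finding Aikido has stopped reporting is resolved automatically. The Secrets record has no CVSS vector, so its attack vector, complexity and privileges fields are left empty rather than failing the whole pull.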

Disconnecting

To remove the Aikido integration:
  1. Go to Organization Settings → Marketplace → Aikido Security.
  2. Click Disconnect.
  3. Confirm.
Previously synced findings remain until manually deleted.