Aikido Security Extension for Visual Studio

Aikido Security is a developer-first software security platform. We scan your source code & cloud to show you which vulnerabilities are actually important to solve. The Aikido Security Visual Studio extension scans for secrets and SAST issues and offers real-time scans with inline results and problem highlighting.

Usage

Install

Install the Aikido extension in Visual Studio. The integration will prompt you to enter an access token, this can be found in the Aikido Platform by navigating to Integrations > IDE > Visual Studio. Now the extension is connected to your Aikido account and activated.

Scanning

The integration scans your codebase for secrets, API keys and SAST code issues. It runs scans whenever you open or save a file.

Every time you make and save changes in a file, a scan runs. If any issues are detected, they are highlighted in the editor and also displayed in the Error List. When you hover over a detected SAST issue, additional context about the problem is provided.

How to test this extension

If this is your first time using this extension and you want to explore its capabilities, we suggest testing it with our example file below.

• Create a new Visual Studio solution.
• Within this solution, create a class containing the code you want to scan.
• Save the file.
• Any identified issues will appear as highlights in the editor and in the Error List.

Below you can find an example Aikido.cs file that can be used to verify if the extension is working correctly, it should detect one SAST issue (SQL injection) and one exposed secret (Database password).

public static class Aikido
{
  public static void SqlInjection(string userName, string password)
  {
    using var connection = new SqlConnection("Server=prod-sqlserver.database.windows.net;Database=db;User ID=admin;Password=TGPCtvny2Ji7x63VFAAo;");

    connection.Open();

    using var command = connection.CreateCommand();
    command.CommandText = "SELECT Name FROM Users WHERE Name = '" + userName + "' Password = '" + password + "'";

    using var reader = command.ExecuteReader();
  }
}

Aikido menu

The Aikido menu can be found under the Tools menu and contains some basic commands.

• Open Aikido Scan Status: Opens the Aikido toolwindow, that can be used to see issues with the current open file.
• Reload rules: Fetches all SAST rules from the Aikido Platform. Useful when you add new custom rules.
• Options: Go to the Aikido options, where you can enter an access token to connect with the Aikido Platform.

How does the extension perform scans on a repository

The integration does two types of scanning: secret scanning with Gitleaks and SAST scanning with Opengrep. It uses Aikido-defined rules, supplemented by any custom rules you add to Aikido. The integration then processes any results to check for false positives or ignored issues.

How does the extension connect to Aikido

Using the access token that you provided, the extensions will connect and detect the matching repository in Aikido using the Git remote URL or the name of the project folder.