# Aikido Security

> Import vulnerability findings from Aikido Security's continuous scanning into Pwnbook engagements, including code vulnerabilities, exposed secrets, and dependency issues.

## Overview

Aikido Security is a continuous security scanning platform that covers code vulnerabilities, exposed secrets, open source dependencies, container images, and cloud misconfigurations. The Pwnbook integration imports Aikido findings into your engagements for unified triage and remediation tracking.

## Prerequisites

* An [Aikido Security](https://www.aikido.dev) account
* An Aikido API token
* Admin or Owner access in Pwnbook to configure the integration

## Credentials required

| Field         | Description                                                   |
| ------------- | ------------------------------------------------------------- |
| **API Token** | An Aikido API key. Generate one in **Aikido Settings → API**. |

## Setup

<Steps>
  <Step title="Generate an Aikido API token">
    1. Log in to your Aikido account at [app.aikido.dev](https://app.aikido.dev).
    2. Go to **Settings → API Access**.
    3. Click **Generate API Key**.
    4. Copy the key — Aikido shows it only once.

    <Warning>Store the key securely. If you lose it, you'll need to generate a new one.</Warning>
  </Step>

  <Step title="Configure the integration in Pwnbook">
    1. Go to **Organization Settings → Marketplace → Aikido Security**.
    2. Click **Configure**.
    3. Enter your **API Token**.
    4. Click **Save & Test** to verify the connection.
  </Step>
</Steps>

## What gets synced

Aikido findings pulled into Pwnbook include:

| Field                    | Description                                                        |
| ------------------------ | ------------------------------------------------------------------ |
| **Finding ID**           | Aikido's internal finding identifier                               |
| **Severity**             | Critical, high, medium, low, informational                         |
| **Description**          | Human-readable explanation of the vulnerability                    |
| **Source location**      | File path and line range where the issue was found                 |
| **CVE ID**               | Common Vulnerabilities and Exposures identifier (where applicable) |
| **CVSS score**           | Base score and vector string                                       |
| **Package info**         | Package name and version for dependency issues                     |
| **Attack vector**        | Network, adjacent, local, or physical                              |
| **Attack complexity**    | Low or high                                                        |
| **Privileges required**  | None, low, or high                                                 |
| **Remediation guidance** | Suggested fix or upgrade path                                      |
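
The attack vector, attack complexity, and privileges required fields in the table are CVSS base metrics, so they and the base score can be recomputed from the vector string during triage. The following is an added example, not Pwnbook or Aikido code: it implements the public CVSS v3.1 base formula, and the record key names (`cvss_vector`, `score`, and so on) are assumptions, since this page documents no export schema.

```python
import math

# CVSS v3.1 base-metric weights from the public FIRST specification.
AV = {"N": ("network", 0.85), "A": ("adjacent", 0.62),
      "L": ("local", 0.55), "P": ("physical", 0.2)}
AC = {"L": ("low", 0.77), "H": ("high", 0.44)}
# Privileges required: (label, weight if scope unchanged, weight if scope changed)
PR = {"N": ("none", 0.85, 0.85), "L": ("low", 0.62, 0.68), "H": ("high", 0.27, 0.5)}
UI = {"N": 0.85, "R": 0.62}
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}

def roundup(x):
    """Round up to one decimal the way the v3.1 spec defines it."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def decode(vector):
    """Return the base score and the three triage fields for a v3.1 vector."""
    prefix, *parts = vector.strip().split("/")
    if prefix != "CVSS:3.1":
        raise ValueError(f"only CVSS:3.1 vectors are handled, got {prefix!r}")
    try:
        m = dict(p.split(":", 1) for p in parts)
        changed = {"U": False, "C": True}[m["S"]]
        iss = 1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]])
        expl = (8.22 * AV[m["AV"]][1] * AC[m["AC"]][1]
                * PR[m["PR"]][2 if changed else 1] * UI[m["UI"]])
    except (KeyError, ValueError) as exc:
        raise ValueError(f"malformed vector {vector!r}") from exc
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
        raw = 1.08 * (impact + expl)
    else:
        impact = 6.42 * iss
        raw = impact + expl
    score = roundup(min(raw, 10)) if impact > 0 else 0.0
    return {"score": score, "attack_vector": AV[m["AV"]][0],
            "attack_complexity": AC[m["AC"]][0], "privileges_required": PR[m["PR"]][0]}

def inconsistent(finding):
    """List the fields of a finding that disagree with its own vector."""
    derived = decode(finding["cvss_vector"])
    return sorted(k for k, v in derived.items() if finding.get(k) != v)

# Constructed sample record; the key names are assumptions, not a documented schema.
SAMPLE = {"cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "score": 9.8, "attack_vector": "network",
          "attack_complexity": "low", "privileges_required": "low"}
```

`inconsistent(SAMPLE)` flags the score, because the constructed record claims 9.8 while its vector computes to 6.4.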

### Finding categories

Aikido findings are organized into categories in Pwnbook:

* **Vulnerabilities** — Code-level security flaws
* **Secrets** — Exposed credentials and API tokens in source code
* **Supply Chain** — Vulnerable open source dependencies
* **Container** — Image and base OS vulnerabilities
* **Cloud** — AWS/GCP/Azure misconfigurations (if cloud scanning is enabled in Aikido)

## Viewing findings in Pwnbook

Synced Aikido findings appear under **Security Findings → Aikido** in the engagement. You can:

* Browse findings by severity, category, and repository
* View full finding detail including CVSS vectors and remediation
* Select multiple findings for bulk operations (assign to task, mark resolved)
* Link findings to threat model threats

## Refreshing findings

To pull the latest data from Aikido:

1. Go to **Security Findings → Aikido**.
2. Click **Refresh**.

New or updated findings are merged with existing data; resolved findings are marked accordingly.

## Disconnecting

To remove the Aikido integration:

1. Go to **Organization Settings → Marketplace → Aikido Security**.
2. Click **Disconnect**.
3. Confirm.

Previously synced findings remain until manually deleted.
