Aikido

CVE-free images without breaking changes

Aikido creates CVE-free container images at an unprecedented pace, enabling you to fix vulnerabilities for all projects without risking any breakage.

Your data won't be shared · Read-only access · No CC required
Trusted by 50k+ orgs
|
Loved by 100k+ devs
|
4.7/5
BENEFITS

Works on your current version, without forcing an upgrade

Drop-in replacement

Your base image stays the same, but now it’s secured.

No breaking changes

Aikido backports fixes instead of forcing a distro jump.

Security past end-of-life

Get CVE fixes after end-of-life, without migration.

“Aikido let our engineers get back to what they do best building advanced defense systems without getting bogged down in CVE cleanup. It's helped us win projects, build trust, and stay ahead of schedule.”

Sam StentonHead of DevOps & Platform, SiXworks

GEA switched from Sonarqube to Aikido
No items found.
Features

How Aikido Images work

Discovers vulnerable base images

Aikido maps every container to the base it inherits and pinpoints where a patched replacement removes the most risk, org-wide.

  • Image → Base Mapping: See which services inherit each base.

  • Base-layer first: Focus on HIGH/CRITICAL issues in the base layer.

  • Aikido Image availability: Instantly know when a Root ELS replacement exists for your current base.

Let’s you auto-fix them without breaking something

Swap to a hardened ELS image. No rewrites, minimal change risk. Downstream containers get safer by default.

  • Prioritized Suggestions: Aikido suggests the swap that cuts the most risk, all recommended in AutoFix before you merge

  • One click auto-fixes: Patched builds for Debian, Ubuntu, Alpine, and more on `amd64` and `arm64`

  • Verify out of the box: SBOM, VEX, and SLSA provenance included with every pull from `docker.aikido.io`

Continues updating & monitoring

Aikido monitors patched builds and keeps your images secured, without pushing you to the next OS major.

  • Ongoing updates: Alerts when newer patch builds are available

  • Policy & gating: Block merges that ship known-vulnerable bases when a fix exists

  • Trusted supply: Aikido-maintained registry with 100+ patches researched and tested every day, served from `docker.aikido.io`

2,000+ IMAGES

Secure images that work everywhere you build

Aikido delivers pre-remediated images, so you start secure by default.
Built on trusted Linux distros, continuously updated, and fully traceable.

Secure your images, today

Aikido creates CVE-free container images at an unprecedented pace,
enabling you to fix vulnerabilities for all projects without risking any breakage.

Faq

FAQs about Aikido Images

How are the patches built?

Aikido Images are built by Aikido using a fleet of AI agents that research, patch, and test at scale. All patches are human-validated. Aikido delivers 100+ patches per day across Images and Libraries, with fixes contributed upstream where applicable.

How are Aikido Images different from container scanning

Container scanning finds CVEs, but leave the solution up to you. Aikido Images are security patched at your current version and use AutoFix to open a PR for your Dockerfile.

How do Aikido Images compare to other hardened image providers?

Other vendors supply new hardened artifacts that require you to migrate to their distrobution and versions. Aikido Images patch the base you're already on: same family, same major version, change the tag. No need to migrate or rebase.

How is this different from upgrading my base image?

Upgrading Debian 11 → 12 or 13 (or bumping a major tag) pulls new package versions across the stack. This often breaks builds and apps. Aikido Images backport security fixes into the base you run, so you remediate CVEs without breaking changes.