Aikido Security is making SAST (Static Application Security Testing) scanning free inside VS Code-based IDEs including VS Code, Cursor, Windsurf, Kiro, and Google Antigravity. The IDE plugin runs real-time scans on file open/save using the same analysis engine and rules as the Aikido platform, surfacing issues inline, in a sidebar, and in the Problems panel. Full workspace scans are also supported for project-wide security baselines. For supported findings, an AI AutoFix feature generates reviewable diffs directly in the editor. JetBrains IDE support remains on paid plans. The goal is to shift SAST left so issues are caught while code is being written rather than at CI or review stages.

From aikido.dev