# Aikido Integration

> Import SCA and container image vulnerability findings from Aikido into Backline

## Overview

Aikido is a security platform that provides vulnerability scanning across your software supply chain, including open-source dependencies and container images. This integration connects Backline with Aikido to automatically import vulnerability findings, enabling centralized remediation workflows.

## What You Can Do

With the Aikido integration, Backline can:

* Automatically import SCA vulnerabilities detected in open-source dependencies
* Automatically import container image vulnerabilities detected in your container images
* Track vulnerabilities detected across your repositories and container images
* Create remediation workflows for imported vulnerabilities
* Maintain vulnerability detection timestamps from Aikido
* Centralize security vulnerabilities from multiple scanners in one place

## Prerequisites

Before connecting Aikido, ensure you have:

* An Aikido account with permission to create API clients
* Access to the Integration Hub in Backline
* A connected source control management (SCM) integration in Backline (e.g., GitHub, GitLab) for SCA findings

## Creating an API Client

Aikido authenticates API requests using an OAuth2 client-credentials API client. You must have permission to create API clients in your Aikido workspace.

<Steps>
  <Step title="Log in to Aikido">
    Access your Aikido dashboard at [https://app.aikido.dev](https://app.aikido.dev)
  </Step>

  <Step title="Navigate to API Clients">
    Go to **Settings**, then open the **API Clients** section.
  </Step>

  <Step title="Create an API Client">
    Click to create a new API client and enter a name to identify it (e.g., `Backline Integration`).
  </Step>

  <Step title="Select Scopes">
    Grant the API client the following scopes:

    * **`basics:read`**
    * **`issues:read`**
    * **`repositories:read`**

    These provide sufficient access for Backline to fetch vulnerability findings and resolve the repositories they affect.
  </Step>

  <Step title="Copy Credentials">
    Copy both the **Client ID** and **Client Secret**. Store them securely, because the secret is shown only once.
  </Step>
</Steps>

<Warning>
  Store your Client ID and Client Secret securely. The Client Secret will only be shown once during creation.
</Warning>

## Connecting Aikido

<Steps>
  <Step title="Navigate to Integrations">
    In Backline, go to the Integration Hub from the main menu.
  </Step>

  <Step title="Select Aikido">
    Find and click on the Aikido integration card.
  </Step>

  <Step title="Enter Connection Details">
    In the connection form, enter:

    * **Client ID**: The Client ID from your Aikido API client
    * **Client Secret**: The Client Secret from your Aikido API client

    Aikido is hosted at a fixed location (`https://app.aikido.dev`), so there is no API endpoint or URL to configure.
  </Step>

  <Step title="Configure Scan Options">
    Choose which vulnerability types Backline should import:

    * **Scan SCA Vulnerabilities**: Import vulnerabilities detected in open-source dependencies (enabled by default)
    * **Scan Container Image Vulnerabilities**: Import vulnerabilities detected in container images (enabled by default)
  </Step>

  <Step title="Test Connection">
    Click **Connect** to verify your credentials. Backline will authenticate with Aikido and confirm the connection is valid.
  </Step>
</Steps>

## Scan Options

Backline supports two types of findings from Aikido, which can be enabled or disabled independently:

| Option                                   | Default | Description                                                  |
| ---------------------------------------- | ------- | ------------------------------------------------------------ |
| **Scan SCA Vulnerabilities**             | Enabled | Imports vulnerabilities detected in open-source dependencies |
| **Scan Container Image Vulnerabilities** | Enabled | Imports vulnerabilities detected in container images         |

Disabling an option stops Backline from importing that finding type, so only findings for the asset type that remains enabled are imported.

## How It Works

Once connected, Backline will:

1. **Fetch Vulnerabilities**: Periodically query the Aikido API for open vulnerability findings
2. **Map to Repositories**: Associate SCA and container image vulnerabilities with the correct repositories in your Backline workspace
3. **Track Detection Time**: Preserve the original detection timestamp from Aikido

## Triage Behavior

Backline respects the triage decisions you make in Aikido:

* **Ignored and snoozed issues are not imported**: Findings that you have ignored or snoozed in Aikido are not ingested into Backline.
* **Adjusted severities are honored**: If you change the severity of a finding in Aikido, Backline imports it with your adjusted severity.

## Scan Schedule

After connecting Aikido, Backline automatically schedules periodic scans to fetch new vulnerabilities. The scan runs every 6 hours to ensure your vulnerabilities stay up to date.

<Note>
  The initial scan begins shortly after the integration is connected. You can view imported findings in the Vulnerabilities section.
</Note>

## Limitations

<Note>
  The Aikido integration is read-only in this release. Backline imports findings from Aikido but does not write back any changes to Aikido — triage decisions, status changes, and comments made in Backline are not synced to Aikido.
</Note>

## Managing the Integration

### Viewing Connection Status

To check your Aikido connection:

1. Open the Integration Hub
2. Find the Aikido card
3. A **Configure** button indicates the integration is connected

### Reconnecting

If your credentials expire or need to be updated:

1. Click **Configure** on the Aikido card
2. Enter the new Client ID and Client Secret
3. Click **Connect** to verify the new credentials

## Troubleshooting

### Connection Failed — Authentication Error

If Backline cannot authenticate with Aikido:

* Verify your Client ID and Client Secret are correct
* Confirm the API client has not been deleted or disabled in Aikido
* Ensure the API client has the **`basics:read`**, **`issues:read`**, and **`repositories:read`** scopes
* Ensure the credentials were copied correctly (the Client Secret is only shown once)

### Missing Vulnerabilities

If expected vulnerabilities are not appearing:

* Only SCA and container image vulnerabilities are imported
* Issues that are ignored or snoozed in Aikido are not imported
* For SCA findings, verify the relevant repositories are accessible to Backline via your connected SCM integration
* Confirm the **Scan SCA Vulnerabilities** or **Scan Container Image Vulnerabilities** option is enabled for the finding type you expect

### SCA Findings Not Matched to Repositories

If SCA vulnerabilities are not appearing for certain repositories:

* Backline filters SCA findings to repositories accessible via your connected SCM integration
* Ensure the repository is connected and visible in Backline through your GitHub or GitLab integration
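
The import rules from the Triage Behavior and Troubleshooting sections, applied to a list of findings to explain why each one is or is not expected in Backline. This is an added example, not Backline or Aikido code; the record fields (`type`, `status`, `repo`, `adjusted_severity`), the option keys, and the sample findings are assumptions constructed for illustration.

```python
# Added example. Field names and option keys are hypothetical, not a real schema.
OPTION_FOR_TYPE = {"sca": "scan_sca", "container_image": "scan_container_images"}
TRIAGED_OUT = {"ignored", "snoozed"}


def explain_import(finding, options, scm_repos):
    """Return (imported, reason, severity) for one finding, per the documented rules."""
    ftype, status = finding["type"], finding["status"]
    if ftype not in OPTION_FOR_TYPE:
        return False, "only SCA and container image findings are imported", None
    if not options.get(OPTION_FOR_TYPE[ftype], True):  # both options default to enabled
        return False, f"scan option '{OPTION_FOR_TYPE[ftype]}' is disabled", None
    if status in TRIAGED_OUT:
        return False, f"finding is {status} in Aikido", None
    if status != "open":
        return False, "only open findings are fetched", None
    if ftype == "sca" and finding.get("repo") not in scm_repos:
        return False, "repository is not visible through the SCM integration", None
    # An adjusted severity set in Aikido takes precedence over the scanner's value.
    return True, "imported", finding.get("adjusted_severity") or finding["severity"]


def reconcile(findings, options, scm_repos):
    """Split findings into those expected in Backline and those skipped, with reasons."""
    report = {"imported": [], "skipped": {}}
    for f in findings:
        ok, reason, severity = explain_import(f, options, scm_repos)
        if ok:
            report["imported"].append((f["id"], severity))
        else:
            report["skipped"][f["id"]] = reason
    return report


# Constructed sample data, not real Aikido output.
SAMPLE = [
    {"id": "F-1", "type": "sca", "status": "open", "repo": "acme/api", "severity": "high"},
    {"id": "F-2", "type": "sca", "status": "snoozed", "repo": "acme/api", "severity": "high"},
    {"id": "F-3", "type": "container_image", "status": "open", "severity": "critical",
     "adjusted_severity": "medium"},
    {"id": "F-4", "type": "sca", "status": "open", "repo": "acme/legacy", "severity": "low"},
    {"id": "F-5", "type": "sast", "status": "open", "repo": "acme/api", "severity": "high"},
]

if __name__ == "__main__":
    result = reconcile(SAMPLE, {"scan_sca": True, "scan_container_images": True}, {"acme/api"})
    for fid, sev in result["imported"]:
        print(f"{fid}: imported as {sev}")
    for fid, why in result["skipped"].items():
        print(f"{fid}: skipped, {why}")
```

Comparing the skipped reasons against the count gap between the two platforms shows whether a missing finding is a triage decision, a disabled scan option, or a repository that the SCM integration cannot see.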
