Ship safer code from your IDE with Aikido | ODSP932
This Microsoft Developer session demonstrates how to integrate security scanning directly into the IDE using Aikido, with a focus on reducing vulnerabilities in pull requests, preventing secrets from being committed, and blocking malware locally.
Overview
The session walks through using the Aikido VS Code extension to surface security issues during development, generate fix suggestions, and apply or reject changes before code reaches a PR.
What the Aikido IDE extension covers
- Security scanning directly inside VS Code
- Reducing vulnerabilities before they reach pull requests
- Detecting and preventing secrets from being introduced into commits
- Blocking malware from making it onto the developer machine
- Emphasis on being lightweight and not slowing down the developer workflow
Demo flow (session chapters)
Overview of the Aikido plugin for VS Code
- Introduction to the VS Code plugin and how it fits into day-to-day coding
Demonstration of Aikido MCP in action
- Demonstration of Aikido MCP usage within the IDE
Generating fix suggestions and applying them
- Generating suggested fixes
- Applying suggested changes from within the IDE
Fix visualization
- Explains how fixes are visualized using red and green lines
Applying or rejecting code changes
- Shows the workflow for accepting or rejecting proposed changes
Checking open-source dependencies
- Demonstrates checks related to open-source dependencies
Fixing issues or reporting false positives with Aikido AI
- Uses Aikido AI to address findings
- Shows how to report false positives
Scan completion and results
- Scan completion and reviewing the results surfaced by the extension
Auto-fix creation directly in the IDE
- Demonstrates creating auto-fixes directly inside VS Code