aikido-api-client
| Crates.io | aikido-api-client |
| lib.rs | aikido-api-client |
| version | 1.0.0 |
| created_at | 2025-12-11 11:04:26.07707+00 |
| updated_at | 2025-12-11 11:04:26.07707+00 |
| description | A Rust CLI client for the Aikido Security CI API integration |
| homepage | |
| repository | https://github.com/michallis/aikido-api-client.git |
| max_upload_size | |
| id | 1979508 |
| size | 208,946 |
Michallis Pashidis (michallis)
documentation
README
Aikido API Client
A comprehensive Rust CLI client and library for the Aikido Security API. This tool supports both the CI API for pipeline integrations and the Public API for full workspace management.
Features
CI API (Pipeline Integration)
- Differential scans for pull request checks
- Release gating to block deployments with security issues
- Custom result uploads (Checkov, SBOM)
- Automatic region detection from API key
Public API (Workspace Management)
- Workspace & Users: View workspace info, list users
- Issues & Repositories: Export issues, list repos
- Containers & Domains: Manage container scans, domain monitoring
- Compliance: SOC2, ISO 27001, NIS2 status
- Reports & Activity: PDF exports, CI scan history, activity log
- Teams & Clouds: Team management, cloud integrations
Installation
From Source
cargo build --release
The binary will be available at ./target/release/aikido-api-client.
Using Cargo
cargo install aikido-api-client
Quick Start
CI API Setup
-
Get your API key from Aikido Settings
-
Store your API key:
aikido-api-client apikey <your-api-key> -
Run a scan:
aikido-api-client scan <repository_id> <base_commit> <head_commit>
Public API Setup
-
Get your OAuth2 credentials from API Settings
-
Store your credentials:
aikido-api-client auth <client_id> <client_secret> -
Access your workspace:
aikido-api-client workspace aikido-api-client repos aikido-api-client issues
Commands
CI API Commands
apikey - Configure API Key
aikido-api-client apikey AIK_CI_EU_xxxxx
scan - Differential Scan
Run a scan comparing two commits to find new security issues:
aikido-api-client scan <repository_id> <base_commit> <head_commit> [options]
Options:
--branch <name>- Branch name being scanned--pr-title <title>- Pull request title--pr-url <url>- Pull request URL--fail-on-sast- Fail if SAST issues found--fail-on-iac- Fail if IaC issues found--fail-on-secrets- Fail if secrets found--minimum-severity <level>- Minimum severity (LOW, MEDIUM, HIGH, CRITICAL)--self-managed <scanners>- Comma-separated list of self-managed scanners
scan-release - Release Gating Scan
Check for open security issues before release:
aikido-api-client scan-release <repository_id> <head_commit> [options]
Options:
--branch <name>- Branch name--base-branch <name>- Base branch to compare--fail-on-sast,--fail-on-iac,--fail-on-secrets- Fail on specific issue types--minimum-severity <level>- Minimum severity level
upload - Upload Custom Results
Upload results from external scanners:
aikido-api-client upload <repository_id> <payload_type> <payload_file> [options]
Payload Types: checkov, json-sbom
Options:
--scan-id <id>- Associate with an existing scan--container-image <name>- Container image name
Public API Commands
auth - Configure OAuth2 Credentials
aikido-api-client auth <client_id> <client_secret>
workspace - Get Workspace Information
aikido-api-client workspace
repos - List Code Repositories
aikido-api-client repos [options]
Options:
--page <n>- Page number (default: 0)--per-page <n>- Results per page (default: 20)--include-inactive- Include inactive repositories--filter-name <name>- Filter by repository name--filter-branch <branch>- Filter by branch name
issues - List Issue Groups
aikido-api-client issues [options]
Options:
--page <n>- Page number (default: 0)--per-page <n>- Results per page (default: 20)--group-id <id>- Get details for a specific issue group
containers - List Containers
aikido-api-client containers [options]
Options:
--page <n>,--per-page <n>- Pagination--container-id <id>- Get details for a specific container
domains - Manage Domains and APIs
# Create a new domain
aikido-api-client domains create <name> [--domain-type <type>] [--url <url>]
# Remove a domain
aikido-api-client domains remove <domain_id>
# Start a domain scan
aikido-api-client domains scan <domain_id>
teams - List Teams
aikido-api-client teams [--page <n>] [--per-page <n>]
users - List Users
aikido-api-client users [options]
Options:
--page <n>,--per-page <n>- Pagination--user-id <id>- Get details for a specific user
compliance - Get Compliance Status
aikido-api-client compliance [framework]
Frameworks: soc2, iso27001, nis2, all (default)
reports - Access Reports
# Export PDF report
aikido-api-client reports pdf [--output <filename>]
# List CI scans
aikido-api-client reports ci-scans [--page <n>] [--per-page <n>]
# View activity log
aikido-api-client reports activity-log [--page <n>] [--per-page <n>]
clouds - List Connected Clouds
aikido-api-client clouds
Global Options
-q, --quiet- Disable console output--debug- Enable debug output--plain-output- Disable colored output--apikey <key>- Use specific API key (overrides stored key)
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success - scan passed or command completed |
| 1 | Error - API unavailable, invalid arguments, etc. |
| 10 | Gate failed - issues found that block the build |
Library Usage
Add to your Cargo.toml:
[dependencies]
aikido-api-client = "2.0"
tokio = { version = "1", features = ["full"] }
CI API Example
use aikido_api_client::api::{AikidoClient, ScanOptions};
#[tokio::main]
async fn main() {
let client = AikidoClient::new("AIK_CI_...");
let options = ScanOptions {
repository_id: "12345".to_string(),
base_commit_id: Some("abc123".to_string()),
head_commit_id: Some("def456".to_string()),
// ... other options
};
let result = client.start_scan(options).await.unwrap();
println!("Scan started: {}", result.scan_id);
}
Public API Example
use aikido_api_client::public_api::PublicApiClient;
#[tokio::main]
async fn main() {
let mut client = PublicApiClient::new("client_id", "client_secret");
// Get workspace info
let workspace = client.get_workspace_info().await.unwrap();
println!("Workspace: {}", workspace.name);
// List repositories
let repos = client.list_code_repositories(Default::default()).await.unwrap();
for repo in repos {
println!("Repo: {}", repo.name);
}
}
Region Support
The client automatically detects your region from the API key prefix:
AIK_CI_US_*- US region (app.us.aikido.dev)AIK_CI_ME_*- Middle East region (app.me.aikido.dev)- Default - EU region (app.aikido.dev)
Configuration
Credentials are stored in ~/.config/aikido-api-client/config.toml:
[auth]
api_key = "AIK_CI_..." # CI API key
client_id = "..." # OAuth2 client ID
client_secret = "..." # OAuth2 client secret
CI/CD Integration Examples
GitHub Actions
- name: Run Aikido Scan
env:
AIKIDO_API_KEY: ${{ secrets.AIKIDO_API_KEY }}
run: |
aikido-api-client apikey $AIKIDO_API_KEY
aikido-api-client scan ${{ github.repository_id }} \
${{ github.event.pull_request.base.sha }} \
${{ github.sha }}
Jenkins Pipeline
stage('Security Scan') {
environment {
AIKIDO_API_KEY = credentials('aikido-api-key')
}
steps {
sh 'aikido-api-client apikey ${AIKIDO_API_KEY}'
sh 'aikido-api-client scan ${REPO_ID} ${GIT_PREVIOUS_COMMIT} ${GIT_COMMIT}'
}
}
GitLab CI
security_scan:
script:
- aikido-api-client apikey $AIKIDO_API_KEY
- aikido-api-client scan $CI_PROJECT_ID $CI_MERGE_REQUEST_DIFF_BASE_SHA $CI_COMMIT_SHA
only:
- merge_requests
CircleCI
- run:
name: Security Scan
command: |
aikido-api-client apikey $AIKIDO_API_KEY
aikido-api-client scan $CIRCLE_PROJECT_REPONAME $CIRCLE_SHA1~1 $CIRCLE_SHA1
Examples
See the examples directory for complete working examples:
ci_pipeline.rs- CI/CD pipeline integrationrelease_gate.rs- Release gating workflowupload_sbom.rs- SBOM upload for container scanningpublic_api_client.rs- Public API usagecompliance_check.rs- Compliance status checking
License
MIT License - See LICENSE for details.