Issues

Collects and ingests security issues from Aikido, providing comprehensive visibility into identified vulnerabilities, security findings, and threat intelligence across your applications and infrastructure.

Sync Type: Full Snapshot

Details

This input collects security issues from the Aikido API, capturing all identified vulnerabilities and security findings. The input supports snapshot-based sync (non-incremental), fetching the complete list of issues on each run. You can filter results by issue status (open, ignored, snoozed, closed), severity level (critical, high, medium, low), or specific code and container repositories.

Prerequisites

Before connecting Monad to Aikido, you need:

  1. An active Aikido account with appropriate permissions
  2. OAuth2 Client Credentials (Client ID and Client Secret) for API authentication
  3. Optionally, specific repository IDs if you want to filter results by code or container repositories

Setup Instructions

1. Generate OAuth2 Client Credentials

  1. Log in to Aikido:

  2. Navigate to Integrations:

    • Go to Settings in your Aikido account
    • Select the API or Integrations section
    • Look for OAuth2 or API credentials management
  3. Create OAuth2 Client Credentials:

    • Click Create New Client or Generate Credentials
    • Provide a descriptive name for the client (e.g., "Monad Issues Connector")
    • Ensure the client has permissions to access issues
  4. Copy Your Credentials:

    • Copy your Client ID
    • Copy your Client Secret and store it securely
    • Important: Never commit your Client Secret to version control or share it publicly

2. Identify Optional Filter Values (if needed)

If you want to filter issues to specific repositories:

  1. Find Code Repository ID (optional):

    • Navigate to your code repositories in Aikido
    • Note the repository ID you want to monitor
  2. Find Container Repository ID (optional):

    • Navigate to your container repositories in Aikido
    • Note the container repository ID you want to monitor

Configuration

The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.

Settings

| Setting | Type | Required | Description |
|---|---|---|---|
| Client ID | string | Yes | OAuth2 Client ID for Aikido API authentication |
| Status | string | No | Filter issues by status. Allowed values: all, open, ignored, snoozed, closed. Defaults to all. |
| Code Repo ID | string | No | Optional filter to fetch issues from a specific code repository |
| Container Repo ID | string | No | Optional filter to fetch issues from a specific container repository |
| Severities | string | No | Filter issues by severity. Allowed values: critical, high, medium, low. |

Secrets

| Secret | Type | Required | Description |
|---|---|---|---|
| Client Secret | string | Yes | OAuth2 Client Secret for Aikido API authentication |

Troubleshooting

Common Issues

  1. Authentication Failures

    • Verify the Client ID and Client Secret are correct and haven't expired
    • Ensure the OAuth2 client has permissions to access issues
    • Check that the Client Secret is exactly as provided by Aikido (no extra spaces or characters)
    • Regenerate credentials if you suspect they may have been compromised
  2. Missing Issues

    • Verify the Client ID has sufficient permissions to view issues
    • Check if you've applied optional filters (Status, Code Repo ID, Container Repo ID, or Severities) that may be limiting results
    • Try removing filters to ensure the basic connection is working
    • Ensure the status filter value is valid: all, open, ignored, snoozed, or closed
  3. No Data After Filtering

    • Verify the Code Repo ID or Container Repo ID values are correct (check in your Aikido dashboard)
    • Confirm that the specified repository has issues to report
    • Try removing the repository filters to confirm that issues are returned without them
    • Verify the severity filter value is valid: critical, high, medium, or low
  4. Rate Limiting

    • The input implements automatic rate limiting
    • If you encounter rate limit errors, check if other processes are accessing the same API credentials
    • Consider spreading out connector runs if monitoring multiple integrations

Sample Record

{
  "id": 238668879,
  "group_id": 28179379,
  "attack_surface": "backend",
  "status": "open",
  "severity": "critical",
  "severity_score": 92,
  "original_cvss_severity_score": 91,
  "type": "open_source",
  "rule": null,
  "rule_id": null,
  "affected_package": "golang.org/x/crypto",
  "cve_id": "CVE-2024-45337",
  "affected_file": "go.mod",
  "first_detected_at": 1777400263,
  "code_repo_id": 1962276,
  "code_repo_name": "crypt",
  "container_repo_id": null,
  "container_repo_name": null,
  "cloud_id": null,
  "cloud_name": null,
  "cloud_resource_id": null,
  "domain_id": null,
  "domain_name": null,
  "virtual_machine_id": null,
  "virtual_machine_name": null,
  "ignored_at": null,
  "closed_at": null,
  "ignored_by": "",
  "start_line": null,
  "end_line": null,
  "snooze_until": null,
  "cwe_classes": [],
  "installed_version": "v0.16.0",
  "patched_versions": ["0.31.0"],
  "license_type": null,
  "programming_language": "GO",
  "sla_days": null,
  "sla_remediate_by": null
}
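
Because the sync is a full snapshot, each run returns the complete issue list and carries no change information; what is new, gone, or re-triaged has to be derived downstream by comparing runs. The following is an added example, not part of the Monad or Aikido documentation: it diffs two runs keyed on the record's `id`, reading only fields shown in the sample record. The function names and both snapshots are constructed for illustration.

```python
"""Diff two full snapshots of issue records (added example)."""

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def diff_snapshots(previous, current):
    """Return new, missing and status-changed issue ids between two runs.

    Each argument is a list of records shaped like the sample record;
    only `id`, `status`, `severity` and `severity_score` are read.
    """
    prev = {r["id"]: r for r in previous}
    curr = {r["id"]: r for r in current}

    new = [curr[i] for i in curr.keys() - prev.keys()]
    # Most severe first, then highest score within a severity level.
    new.sort(key=lambda r: (SEVERITY_RANK.get(r["severity"], len(SEVERITY_RANK)),
                            -r["severity_score"]))

    # Absent from the current run: resolved upstream, or excluded by a filter
    # (for example, Status=open drops an issue once it is closed or snoozed).
    missing = sorted(prev.keys() - curr.keys())

    status_changed = sorted(
        (i, prev[i]["status"], curr[i]["status"])
        for i in prev.keys() & curr.keys()
        if prev[i]["status"] != curr[i]["status"]
    )
    return {"new": [r["id"] for r in new], "missing": missing,
            "status_changed": status_changed}


def issue(id_, status, severity, score):
    # Constructed record holding only the fields the diff reads.
    return {"id": id_, "status": status, "severity": severity,
            "severity_score": score}


# Constructed snapshots from two consecutive runs (ids are made up).
RUN_1 = [issue(1, "open", "critical", 92), issue(2, "open", "low", 10),
         issue(3, "open", "medium", 50)]
RUN_2 = [issue(1, "open", "critical", 92), issue(3, "snoozed", "medium", 50),
         issue(4, "open", "high", 70), issue(5, "open", "critical", 95)]

if __name__ == "__main__":
    print(diff_snapshots(RUN_1, RUN_2))
```

An id listed under `missing` is only evidence of remediation when the input runs with Status set to all and no repository or severity filter; with filters applied, it can equally mean the issue moved outside the filter.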