---
title: "Aikido Container Vulnerability Scanning | Cloudsmith"
description: "Scan every container image stored in Cloudsmith for known vulnerabilities with Aikido. Reduce false positives, get clear remediation guidance, and start free."
canonical_url: "https://cloudsmith.com/product/integrations/aikido"
last_updated: "2026-07-08T20:16:16Z"
---
# Aikido Container Vulnerability Scanning | Cloudsmith

## Scan every container before it ships with **Aikido**

Cloudsmith gives you a single, secure home for every container image your teams ship, and the Aikido integration layers continuous vulnerability scanning on top without adding another registry to manage. Link scanned images back to their source repositories in Aikido to cut false positives and get clear, actionable severity findings instead of alert noise. Start on Aikido's free-forever plan and scale to advanced policy and reporting as your security program matures.

## How we support **Aikido**

Cloudsmith stores every container image your teams build, and the Aikido integration turns that registry into a continuously monitored security checkpoint.

[Read our Aikido documentation](https://docs.cloudsmith.com/integrations/integrating-with-aikido)

### Continuous container scanning

Aikido scans container images stored in your Cloudsmith repositories for known vulnerabilities, so nothing you distribute goes unchecked.

### Scoped, secure authentication

Connect Cloudsmith to Aikido with an API key or entitlement token scoped to only the permissions needed for scanning and access.

### Fewer false positives

Link container images to their source code repositories in Aikido to deduplicate findings and cut through noisy, low-value alerts.

### Clear remediation guidance

Every finding comes with severity levels and remediation steps, so your team knows exactly what to fix first and how to fix it.

### Free to start, built to scale

Get going on Aikido's free-forever plan, then move to paid tiers as your scanning and reporting needs grow.

## Why security teams pair Cloudsmith with **Aikido**

Disconnected scanners and manual triage leave security teams drowning in noise. Scanning containers where they already live closes the gap between storage and risk.

| Without Cloudsmith | With Cloudsmith |

| --- | --- |

| Container vulnerabilities pile up as alert noise across disconnected scanners, leaving teams to manually triage thousands of findings. | Aikido scans containers directly in Cloudsmith and applies AI-driven triage, so your team only sees the vulnerabilities that actually matter. |

| Security teams have no visibility into what is actually stored and distributed from the artifact repository, creating blind spots between build and runtime. | Every container in Cloudsmith is continuously scanned by Aikido, closing the gap between where artifacts live and where risk is found. |

| Deduplicating findings across container images and source repositories takes manual correlation work that slows remediation down. | Linking Cloudsmith container images to their code repositories in Aikido automatically deduplicates findings and speeds up fixes. |

## Frequently asked questions

### What does the Cloudsmith and Aikido integration actually do?

It connects your Cloudsmith container registry to Aikido so every image you push can be automatically scanned for known vulnerabilities, with results surfaced in Aikido's dashboard.

### How do I connect Cloudsmith to Aikido?

In Aikido, search for the Cloudsmith integration, then authenticate using your Cloudsmith username, API key or entitlement token, and namespace before selecting the repositories to scan.

### What credentials does Aikido need to scan my Cloudsmith repositories?

Aikido requires your Cloudsmith username, an API key or entitlement token, and your namespace. Cloudsmith recommends scoping these credentials to only the permissions needed for scanning.

### Can I choose which container repositories get scanned?

Yes. After authenticating, you select the specific Cloudsmith container repositories you want Aikido to monitor, rather than scanning your entire account by default.

### Does Aikido reduce false positives on Cloudsmith container scans?

Yes. Linking each container image to its relevant code repository in Aikido improves deduplication and analysis accuracy, cutting down on duplicate or irrelevant findings.

### Is there a free way to try the integration?

Yes. Aikido offers a free-forever plan that includes container vulnerability scanning for Cloudsmith users, with paid plans available for more advanced features.

### How often are my Cloudsmith containers scanned?

Cloudsmith recommends scheduling regular scans in Aikido for continuous monitoring, and Aikido re-scans your selected repositories on an ongoing basis once connected.

### What kind of vulnerability information will I see?

Aikido reports detailed findings for each container image, including severity levels and remediation steps, so your team knows exactly what to fix and how.

### Does this replace the need for a separate vulnerability scanner?

No separate scanner is needed. Aikido scans images stored in Cloudsmith directly, so you get vulnerability coverage without standing up or maintaining another tool.

### Who should use the Cloudsmith and Aikido integration?

Security and platform teams that store container images in Cloudsmith and want continuous vulnerability visibility without adding a heavyweight scanning stack are the best fit.
