Error
When scanning a random docker compose yml to test the MCP, I get:
● Aikido scan completed — no issues found in #################.
Note: two scanner engines had execution errors on this system:
- SAST (Opengrep): failed to load rules (unknown taint_intrafile field —
tool/rule version mismatch)
- IaC (Checkov): binary not found at expected path
The secrets scan ran clean. To get full IaC coverage on the compose file
(which is where Checkov would flag things like exposed debug ports, missing
read-only volumes, etc.), the Aikido MCP install needs Checkov available
and Opengrep rules updated. Want me to look into fixing the setup?
System
Windows
Resolution
The taint_intrafile field was added to opengrep in v1.17.0 (April 2025). The MCP hardcodes opengrep v1.10.0 in its download URLs. Aikido's opengrep-rules repo (which the MCP pulls from their API) uses the newer schema.
The MCP resolves Checkov at: %LOCALAPPDATA%\aikido-mcp\checkov\checkov.exe
NOTE: (see @aikidosec/mcp code: path.join(i, "checkov.exe"))
The actual binary on a Windows system is at: %LOCALAPPDATA%\aikido-mcp\checkov\dist\checkov.exe
The Checkov Windows release zip (v3.2.395) extracts with a dist prefix. The MCP extractor doesn't flatten/handle this, so the executable ends up one directory deeper than the lookup expects.
Error
When scanning a random docker compose yml to test the MCP, I get:
● Aikido scan completed — no issues found in #################.
Note: two scanner engines had execution errors on this system:
- SAST (Opengrep): failed to load rules (unknown taint_intrafile field —
tool/rule version mismatch)
The secrets scan ran clean. To get full IaC coverage on the compose file
(which is where Checkov would flag things like exposed debug ports, missing
read-only volumes, etc.), the Aikido MCP install needs Checkov available
and Opengrep rules updated. Want me to look into fixing the setup?
System
Windows
Resolution
The taint_intrafile field was added to opengrep in v1.17.0 (April 2025). The MCP hardcodes opengrep v1.10.0 in its download URLs. Aikido's opengrep-rules repo (which the MCP pulls from their API) uses the newer schema.
The MCP resolves Checkov at: %LOCALAPPDATA%\aikido-mcp\checkov\checkov.exe
NOTE: (see @aikidosec/mcp code: path.join(i, "checkov.exe"))
The actual binary on a Windows system is at: %LOCALAPPDATA%\aikido-mcp\checkov\dist\checkov.exe
The Checkov Windows release zip (v3.2.395) extracts with a
distprefix. The MCP extractor doesn't flatten/handle this, so the executable ends up one directory deeper than the lookup expects.