Applications you build with Aha! Builder include built-in security reviews and enterprise-grade infrastructure protections. Run security reviews to evaluate your application's code and dependencies, then export the results to demonstrate compliance with your organization's governance standards.
Click any of the following links to skip ahead:
Security reviews
Navigate to Operate → Documents → Security → Code Security to access four on-demand reviews for your application:
Review for secure by design principles: Checks that security is built into your application's architecture
OWASP Top 10 review for design or coding issues: Checks for the top 10 critical web application security risks
Static code analysis for vulnerabilities: Performs an automated source code review to identify potential flaws
Dependency vulnerability scan: Checks third-party libraries and dependencies for known security weaknesses
Click Run review to generate results for any review. You can run reviews at any time — before deployment, after making changes, or as part of a regular review cycle.
Did your application fail a review or pass with a low score? Give the Report to Elle (the AI assistant) and ask for suggested improvements, then rerun the review.
Framework and encryption
Aha! Builder applications run on TypeScript. All applications run on Amazon Web Services (AWS), the same infrastructure that powers the rest of the Aha! suite.
Data is encrypted in transit using TLS 1.2 and 1.3 with Let's Encrypt certificates and at rest using AES-256 encryption.
Authentication for end users
End users of your application do not need an Aha! account. You configure authentication for your application separately under Operate → Configuration → Authentication. Six identity provider options are available:
Password
Aha!
SAML
Google
GitHub
Microsoft
For information about how Aha! Builder is governed and maintained, see Aha! Builder governance FAQs.