How does Fluid Attacks' solution compare to Tenable Nessus's? The following comparison table enables you to discern the performance of both providers across various attributes essential for meeting your company’s cybersecurity needs. To better understand each attribute, read their descriptions in the dedicated page.

Criteria	Fluid Attacks Essential	Fluid Attacks Advanced	Tenable Nessus
Accuracy	Our SAST tool achieved the best possible result against the OWASP Benchmark: a TPR (True Positive Rate) of 100% and an FPR (False Positive Rate) of 0%.	We identify 90% of the evaluated systems' risk exposure. (Accuracy is calculated with the F1 score. Risk exposure is calculated with the formula CVSSF=4^(CVSS-4)).	In the field of system and network scanning, Nessus has a false positive rate with six sigma accuracy, measured at 0.32 defects per million scans. However, they do not provide information on false positive or false negative rates for their SAST tools.
Binary SAST	Yes. We support APK files.	Yes. Its capability is equal to that of the Essential plan.	No
Languages (Source SAST)	Yes. We support the following languages and technologies: Android, C#, CloudFormation, Configuration files, Dart, Docker, Docker Compose, Go, HTML, HTML5, jBASE, Java, JavaScript, Kotlin, Kubernetes, PHP, Python, Razor, Shell Scripting, Storybook, Swift, Terraform, TypeScript and YAML.	Yes. We support all languages and technologies supported in the Essential plan, as well as the following: ABAP, ActionScript, Apex, Assembler, ATS, Awk, C, C++, Clean, ClojureScript, Colm, cScript, Dale, Elvish, F#, Falcon, Fish, Fortran, Guile, Hana SQL Script, Haskell, Haxe, Idris, Ion, Janet, JCL, Joker, JScript, JSP, Lisp, Lobster, Natural, Nim, Objective C, Pascal, Perl, PL-SQL, PL1, PL/SQL, PowerScript, PowerShell, Prolog, R, RC, RPG4, Rust, Scala, SQL, SQR, Standard ML, T24, TAL, tcsh, Transact-SQL, VB.NET, VBA, VisualBasic 6, XML, among others.	Yes. Only their Expert license allows scanning IaC and supports the following technologies: Terraform, Kubernetes, Argo CD, Atlantis and CloudFormation.
Frameworks (Source SAST)	Yes. We support the following frameworks: .NET, .NET Core, Angular, ASP.NET, Bootstrap, Django, Express, FastAPI, Flask, Flutter, Ktor, Laravel, Nest, Next.js, Node.js, React Native, React.js, Spring, Spring Boot and Vue.js.	Yes. We support all frameworks supported in the Essential plan, as well as the following: Apache Struts, Ember.js, Gatsby, Meteor, Phoenix, Ruby Sinatra, Ruby on Rails, Svelte, Symfony, Tornado, among others.	No information available
DAST	Yes. We scan unauthenticated HTTP endpoints, including headers, DNS records, HTML content, and SSL connections for encryption suites, protocols, and X509 certificates.	Yes. Its capability is equal to that of the Essential plan.	Yes. Only their Expert license allows scanning unauthenticated and authenticated HTTP endpoints, including headers, DNS records, HTML content and SSL connections. They also cover gRPC API, REST API, SOAP API and GraphQL API.
IAST	No	No	No
SCA	Yes. We support the following package managers: Cargo, Composer, Conan, Docker Images, GitHub Actions, Go, Gradle, Hex, Maven, NPM, NuGet, pNPM, pip, Poetry, Pub, RubyGems, SBT, SwiftPM and Yarn.	Yes. Its capability is equal to that of the Essential plan.	No
PTaaS	No	Yes	No
Reverse engineering	No	Yes	No
Secure code review	No	Yes	No
CSPM	Yes	Yes	No
ASPM	Yes	Yes	No
SCM integrations	Azure DevOps, Bitbucket, GitHub and GitLab	It offers the same integrations as the Essential plan.	GitHub and GitLab
Ticketing integrations	Azure DevOps work items, GitLab issues and Jira	It offers the same integrations as the Essential plan.	No
ChatOps integrations	No	No	No
IDE integrations	VS Code	It offers the same integration as the Essential plan.	No
CI/CD integrations	AWS CodePipeline, Bamboo, CircleCI, GitHub Actions, GitLab CI, Jenkins, TeamCity, Travis CI, and any other CI/CD system that supports Docker	It offers the same integrations as the Essential plan.	Argo CD, Atlantis PR Automation, GitHub Actions and GitLab CI
Cloud Integrations	AWS, Azure and GCP	It offers the same integrations as the Essential plan.	AWS and Azure
Compliance integrations	No	No	No
SCA integrations	Native scanner (included, no integration needed)	Its capability is equal to that of the Essential plan.	No
SAST integrations	Native scanner (included, no integration needed)	Its capability is equal to that of the Essential plan.	Native scanner (included, no integration needed)
DAST integrations	Native scanner (included, no integration needed)	Its capability is equal to that of the Essential plan.	Native scanner (included, no integration needed)
IAST integrations	No	No	No
Secrets integrations	Native scanner (included, no integration needed)	Its capability is equal to that of the Essential plan.	No
Container integrations	Native scanner (included, no integration needed)	Its capability is equal to that of the Essential plan.	No
CSPM integrations	Native scanner (included, no integration needed)	Its capability is equal to that of the Essential plan.	No
Compliance	We validate some requirements based on these standards and guidelines: Agile Alliance, BSIMM, BIZEC-APP, BSAFSS, CAPEC™, CASA, C2M2, CCPA, CERT-C, CERT-J, CIS, CMMC, CPRA, CWE™, CWE TOP 25, ePrivacy Directive, FACTA, FCRA, FedRAMP, FERPA, FISMA, GDPR, GLBA, HIPAA, HITRUST CSF, ISA/IEC 62443, ISO/IEC 27001, ISO/IEC 27002, ISSAF, LGPD, MITRE ATT&CK®, MISRA-C, MVSP, NERC CIP, NIST 800-53, NIST 800-63B, NIST 800-115, NIST 800-171, NIST CSF, NIST SSDF, NYDFS, NY SHIELD Act, OSSTMM3, OWASP API Security Top 10, OWASP ASVS, OWASP MASVS, OWASP-M TOP 10, OWASP SAMM, OWASP SCP, OWASP Top 10 Privacy Risks, OWASP TOP 10, PA-DSS, PCI DSS, PDPA, PDPO, POPIA, PTES, Resolution SB 2021 2126, SANS 25, SIG Core, SIG Lite, SOC2®, SWIFT CSCF, WASC and WASSEC.	We validate all the requirements according to the same standards and guidelines as the Essential plan.	They validate requirements based on these standards and guidelines: BASEL II, CIS, COBIT, DISA, FDCC, FISMA, GLBA, HIPAA, ISO/IEC 17799, ISO/IEC 27002, ITIL, NIST, NSA, PCI DSS, SDP, SOX, USGCB, among others.
Certifications or attestations	SOC 2 Type II and SOC 3	It is covered by the same certifications and attestations as the Essential plan.	CSA Star, FedRAMP, ISO/IEC 27001, NIAP, PCI ASV and StateRAMP
Marketplaces	AWS	It is available in the same marketplace as the Essential plan.	AWS and Azure
Fast and automatic	Yes	Yes	Yes
Remediation	We provide detailed documentation on fixes and features both on our platform and in our IDE extension, which uses generative AI to offer custom step-by-step correction guidance. Additionally, our IDE extension leverages gen AI to offer automated fixes capabilities.	In addition to the Essential plan features, we offer the option of "Talk to a hacker" in which our experts help clients understand how to remediate the most challenging vulnerabilities.	They provide detailed documentation on fixes and features within their platform.
CI/CD security	We can integrate with CI/CD systems and trigger a build pipeline failure to prevent from deploying a noncompliant software version into production (break the build).	Its capability is equal to that of the Essential plan.	They can integrate with CI/CD systems and trigger a build pipeline failure to prevent from deploying a noncompliant software version into production (break the build).
Vulnerability detection method	Automated tools	Hybrid (automated tools + AI + human intelligence)	Automated tools
Vulnerability chaining	No	By combining vulnerabilities A and B, we discover a new, higher impact vulnerability C.	No
Delivery of evidence	Our evidence is delivered in (a) PDF executive reports, (b) XLSX technical reports, (c) code pieces and (d) graphs and metrics of the system's security status.	We deliver all the types of evidence mentioned in the Essential plan, and additionally, (a) video recordings of the attack and (b) screenshots with explanatory annotations.	Their evidence is delivered in (a) PDF reports, (b) HTML reports (c) CSV report, (d) JSON format, (e) XML format and (f) graphs and metrics.
Exploitation	No	We can do exploitation as long as the client provides an available environment.	Yes. They can exploit some vulnerabilities identified during the reconnaissance process.
Zero-day vulnerabilities	No	Our security researchers search for zero-day vulnerabilities in open-source software.	Their security researchers search for zero-day vulnerabilities in open-source software.
AI/ML triage	No	Using artificial intelligence (AI), we prioritize potentially vulnerable files for assessment. Our AI is specially trained by machine learning (ML) with thousands of snippets of vulnerable code.	No
Deployment	SaaS	Same as the Essential plan.	SaaS and on-premises
Open source	Yes. MPL-2.0 license. Totally equivalent to the paid version.	Yes. MPL-2.0 license. Partially equivalent to the paid version.	No
Year founded	2001	Same founding year as the Essential plan.	2002 (Tenable Inc.)
Number of employees	139	Same number of employees as the Essential plan.	2.195 (Tenable Inc.)
Other services	Focus on automated offensive testing for applications in development.	Focus on both automated and manual offensive testing for applications in development.	External attack surface scanning, identification of vulnerabilities in operating systems, identification of vulnerabilities in networks.
Reputation sites (On a scale of 1 to 10)	Between 9.16 and 10.00 based on 31 reviews over 6.3 years from the following 3 sources: Clutch, Gartner Peer Insights and PeerSpot.	Same reviews and ratings as the Essential plan.	Between 8.68 and 8.84 based on 1.018 reviews over 9.3 years from the following 5 sources: G2, Gartner Peer Insights, PeerSpot, Software Advice and TrustRadius.
Status page	Yes	Yes	Yes
Demo	Yes	Yes	Yes
Free trial	Yes	Yes	Yes