Frequently asked questions about the scanner | Fluid Attacks Help

Scanner FAQ

This section addresses common questions users may ask when using the Machine Standalone tool.

General information

Where can I find the latest information about the tool?

You can find the updated information about Fluid Attacks' scanner in this Knowledge Base's Use the CLI section (App Defense Alliance's documentation on the tool is outdated).

Do I need to create a Dockerfile to use the tool?

No. You only need to download the Docker image.

Running the scanner

How do I run the scanner?

Please check Run scans locally and Use the scanners in CI/CD.

What can I do with the mounting "Operation not permitted" error?

If this message appears at the end of the error log:

error: mounting /proc: Operation not permitted

Try running the scan with the --privileged flag:

docker run --privileged -v /your/local/dir:/working-dir fluidattacks/sast:latest sast scan /working-dir/config.yaml

Keep in mind that --privileged removes most of the isolation between the container and the host (the container gets all capabilities and access to host devices), so use it only when this error occurs and only on a host or CI runner where running a privileged container is acceptable.

What can I do with the invalid argument error?

If the error message at the end of the error log is something like this:

[ERROR] Enter a valid argument,
the argument types are the path to a .yaml configuration file or the path to a directory.
Doc: https://docs.fluidattacks.com/tech/scanner/standalone

It means that the path you passed (to the config.yaml file or to the folder to scan) is incorrect, or that it is a host path that does not exist inside the container. The scanner runs inside the container, so the argument must be the container-side path: if you mount /your/local/dir at /working-dir, pass /working-dir/config.yaml, not /your/local/dir/config.yaml. Verify that the path exists on the host, that the directory is mounted into the container with -v, and that the argument refers to the mount point (including the respective files).
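As an added example (not part of the Fluid Attacks tool or its documentation), the following POSIX shell wrapper makes the host-versus-container path distinction explicit: it maps a host path to the path the scanner will see at the mount point, refuses anything outside the mounted directory or missing on the host, and prints the docker command for review instead of running it. It assumes the mount point /working-dir and the image fluidattacks/sast:latest from the command above; the function names to_container_path and build_command are the example's own.

```shell
#!/bin/sh
# Added example, not part of the Fluid Attacks tool: wrapper that turns a host path into
# the path the scanner sees inside the container, so the "Enter a valid argument" error
# caused by passing a host path cannot happen.
# Assumptions: the host directory is mounted at /working-dir and the image is
# fluidattacks/sast:latest (both plain variables, change them to match your setup).

IMAGE=fluidattacks/sast:latest
MOUNT_POINT=/working-dir

# to_container_path HOST_DIR HOST_PATH
# Prints the container-side path for HOST_PATH (a config.yaml or a directory), or fails
# if HOST_PATH is outside HOST_DIR or does not exist on the host: anything outside the
# mounted directory is invisible inside the container.
to_container_path() {
  host_dir=${1%/}
  host_path=${2%/}
  case "$host_path" in
    "$host_dir")   rel="" ;;
    "$host_dir"/*) rel=${host_path#"$host_dir"/} ;;
    *)
      echo "error: $host_path is not under the mounted directory $host_dir" >&2
      return 1
      ;;
  esac
  if [ ! -e "$host_path" ]; then
    echo "error: $host_path does not exist on the host" >&2
    return 1
  fi
  if [ -z "$rel" ]; then
    printf '%s\n' "$MOUNT_POINT"
  else
    printf '%s/%s\n' "$MOUNT_POINT" "$rel"
  fi
}

# build_command HOST_DIR HOST_PATH [PRIVILEGED]
# Prints (does not execute) the docker run command so it can be reviewed first.
# Pass 1 as the third argument only when the scan fails with
# "mounting /proc: Operation not permitted"; --privileged disables most container isolation.
build_command() {
  container_path=$(to_container_path "$1" "$2") || return 1
  flags=""
  if [ "${3:-0}" = 1 ]; then
    flags="--privileged "
  fi
  printf 'docker run --rm %s-v %s:%s %s sast scan %s\n' \
    "$flags" "${1%/}" "$MOUNT_POINT" "$IMAGE" "$container_path"
}

# Usage: ./scan.sh /your/local/dir /your/local/dir/config.yaml [1]
if [ $# -ge 2 ]; then
  build_command "$@"
fi
```

Pass a directory instead of config.yaml to scan only one sub-folder, which is also how you split a large scan into several runs; the printed command can be piped to sh once it looks right.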

Errors during execution

Why are my APK files being reported under CWE-377 as unverifiable?

This means the SAST scanner is being run over a scope that includes APK files. APK files are meant to be analyzed only with the APK scanner (as the name implies). To remove those reports, add an exclude entry for them to the sast section of the configuration, like so:

sast:
  include:
    - .
  exclude:
    - glob(**/*.apk)

What can I do with the "File too large" error?

If you encounter this message frequently:

[WARNING] File too large

It means that the tool is skipping files above its size limit to avoid running out of memory.

If you wish to remove this limitation, use the "file size limit" key.

If you remove the limit and encounter memory errors, we recommend splitting the scanner runs (e.g., scanning only certain folders in each run).

As we are actively improving on this topic, this strategy may become unnecessary in the future.

What should I do if the scans are taking too long?

If your scan is taking longer than it should, we recommend the following:

  • Check the dependency folders included: make sure the SAST scope does not include dependency or build-output folders such as node_modules, dist, vendor and their equivalents in other ecosystems; they are usually large and are not your code.

  • Use the recursion limit key: consider using the "recursion limit" key to limit the search depth within a single file. We recommend setting it to 1000.

Why am I experiencing network errors during execution?

Network errors typically occur when the analysis runs in an environment with restricted internet access. For full functionality of all scanners, particularly the SCA scanner, we recommend running the analysis without such restrictions.

If running without restrictions is not possible, your network must at a minimum allow outbound HTTPS connections to AWS, as some scanners download data from AWS services (public S3 buckets).

Additionally, our scanners may connect to external services such as Bugsnag, which we use for error tracking and debugging. We do not store any sensitive information on those services, but if you prefer to disable all execution traceability, you can opt out by adding the following setting to your YAML configuration file:

tracing_opt_out: True

Opting out also stops the scanner from attempting to reach Bugsnag, which avoids one source of connection errors in restricted networks.

If you encounter a different error, you can open a new issue in Fluid Attacks' open-source repository.