Frequently asked questions about the scanner | Fluid Attacks Help

Scanner FAQ

This section addresses common questions users may ask when using the Machine Standalone tool.

General information

Where can I find the latest information about the tool?

You can find the updated information about Fluid Attacks' scanner in this Knowledge Base's Use the CLI section (App Defense Alliance's documentation on the tool is outdated).

Do I need to create a Dockerfile to use the tool?

No. You only need to download the Docker image.

Running the scanner

How do I run the scanner?

Please check Run scans locally or in your CI/CD.

What can I do with the mounting "Operation not permitted" error?

If this message appears at the end of the error log:

error: mounting /proc: Operation not permitted

Try running the scan with the --privileged flag:

docker run --privileged -v /your/local/dir:/working-dir fluidattacks/cli:arch skims scan /working-dir/config.yaml

What can I do with the invalid argument error?

If the error message at the end of the error log is something like this:

[ERROR] Enter a valid argument,
the argument types are the path to a .yaml configuration file or the path to a directory.
Doc: https://docs.fluidattacks.com/tech/scanner/standalone

This means that the path to the config.yaml file or to the folder to scan is incorrect, or that you are referring to a host path that does not exist inside the container's runtime. Verify that the path exists and that you are correctly mounting the volume, with the required files, into the container.

Errors during execution

Why are my APK files being reported under CWE-377 as unverifiable?

This means you are including APK files in the SAST module of the scanner. APK files are only meant to be scanned in the APK module (as the name implies). To remove those reports, simply add the exclude key to the "sast" section of the configuration, like so:

sast:
  include:
    - .
  exclude:
    - glob(**/*.apk)

What can I do with the "File too large" error?

If you encounter this message frequently:

[WARNING] File too large

This means that the tool is skipping large files to avoid possible memory issues.

If you wish to remove this limitation, use the "file size limit" key.

If you remove the limit and encounter memory errors, we recommend splitting the scanner runs (e.g., scanning only certain folders in each run).

As we are actively working on this area, this strategy may become unnecessary in the future.

What should I do if the scans are taking too long?

If your scan is taking longer than it should, we recommend the following:

  • Check which dependency folders are included: Ensure you do not include dependency folders such as node_modules, dist, vendor and their equivalents in the SAST scan.

  • Use the recursion limit key: Consider using the "recursion limit" key to limit the search depth within a single file. We recommend setting it to 1000.
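As an added pre-flight check that is not part of Fluid Attacks' tooling, the following Python script walks the SAST include paths of a parsed config and flags the situations covered above: include paths that do not exist in the mounted working directory, APK files that would be scanned by SAST (the CWE-377 reports), dependency folders that slow the scan down, and files over a size threshold. It assumes the config is already loaded into a dict (what yaml.safe_load would return), that exclude entries use the glob(...) form shown above, and that the size threshold is a constructed value rather than the scanner's actual cutoff.

```python
import fnmatch
import os
import re
import tempfile

DEPENDENCY_DIRS = {"node_modules", "dist", "vendor"}  # folders the FAQ says to keep out of SAST

def _excluded(rel, patterns):
    # fnmatch's '*' also matches '/', so '**/x' covers 'a/b/x'; strip the prefix so a root-level 'x' matches too
    return any(fnmatch.fnmatch(rel, p) or (p.startswith("**/") and fnmatch.fnmatch(rel, p[3:])) for p in patterns)

def preflight(working_dir, config, size_limit):
    """Flag config problems from the FAQ: missing include paths, APKs and dependency folders left in
    the SAST set, and files larger than size_limit bytes (an assumed threshold, not the scanner's own)."""
    sast = config.get("sast", {})
    excludes = [re.sub(r"^glob\((.+)\)$", r"\1", e.strip()) for e in sast.get("exclude") or []]
    report = {"missing_paths": [], "apk_in_sast": [], "dependency_dirs": set(), "large_files": []}
    for inc in sast.get("include", []):
        root = os.path.normpath(os.path.join(working_dir, inc))
        if not os.path.exists(root):  # what the "Enter a valid argument" error points at
            report["missing_paths"].append(inc)
        for dirpath, _, files in os.walk(root):  # yields nothing when root is missing
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, working_dir)
                if _excluded(rel, excludes):
                    continue
                report["dependency_dirs"].update(set(rel.split(os.sep)) & DEPENDENCY_DIRS)
                if name.lower().endswith(".apk"):  # would be reported as unverifiable under CWE-377
                    report["apk_in_sast"].append(rel)
                if os.path.getsize(full) > size_limit:  # would trigger "File too large"
                    report["large_files"].append(rel)
    return report

def demo():
    """Constructed sample tree and config; returns (report before adding excludes, report after)."""
    with tempfile.TemporaryDirectory() as wd:
        files = {"app/main.py": b"print('hi')\n", "app/build.apk": b"\0" * 16,
                 "app/node_modules/lib/index.js": b"x", "app/big.bin": b"\0" * 2048}
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(wd, rel)), exist_ok=True)
            with open(os.path.join(wd, rel), "wb") as fh:
                fh.write(data)
        cfg = {"sast": {"include": ["app", "missing_dir"], "exclude": []}}  # constructed config
        before = preflight(wd, cfg, size_limit=1024)
        cfg["sast"]["exclude"] = ["glob(**/*.apk)", "glob(**/node_modules/**)"]
        return before, preflight(wd, cfg, size_limit=1024)
```

Running preflight against the directory you mount as /working-dir, with the same include and exclude entries as your config.yaml, shows which of the above fixes apply before you start a long scan.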

If you encounter a different error, you can open a new issue in Fluid Attacks' open-source repository.