As part of the vulnerability management, you should reassess the code after a fix attempt. This is because a fix can introduce further vulnerabilities or be no fix at all for the original vulnerability.

Read the section Fix your code to understand how Fluid Attacks can help you successfully address vulnerabilities. When you have applied your fix, follow the steps on this page.

At Fluid Attacks, reassessments are called "reattacks." Do the following to request automated reattacks by the tool or manual reattacks by Fluid Attacks' hacking team:

1. Enter the group where the vulnerability you want to reattack was reported and go to the Scope section.

   

2. Click on the Sync button to clone the latest version of the repository. This is to submit the version that contains the fixed code for testing.

   

   Check the Status value of the repository. When the status is OK, you can move on to step 3.

3. In the Vulnerabilities section, click anywhere on the row containing the name of the type of vulnerability you wish to reattack.

   

4. Select the location where you have already effectuated a fix and click Reattack.

   

5. In the pop-up window, describe the fix you applied and click Confirm.

   

If the vulnerability is still present, you will get a comment informing you of this in the Consulting section of the type of vulnerability. In the Locations table, the reattacked vulnerability will show the value Verified (vulnerable) in the Reattack column.

As a security measure, you can use Fluid Attacks' CI Agent to break the build if vulnerabilities with specific attributes are present in it.