Support information
Supported browsers
Supported Note: The following is not an exhaustive list, as Fluid Attacks supports any browser compatible with at least the ECMAScript® 2023 standard. Below is a summary of the most popular browsers supported on the Fluid Attacks website and ...
Supported CI/CD
Supported Note: The following is not an exhaustive list, as Fluid Attacks supports every CI/CD system compatible with Docker. Below is a summary of the most popular CI/CD systems integrated with Fluid Attacks. Currently, these are some popular CI/CD ...
Supported IDE functionalities
Supported Currently, these are the IDEs supported by Fluid Attacks and their respective functionalities: Detailed information on vulnerabilities and remediation recommendations (VS Code and IntelliJ IDEA) Assign treatments (VS Code) Step-by-step code ...
Supported evidence formats
Supported Currently, these are the evidence formats supported by Fluid Attacks: Code pieces Graphs and metrics of the system's security status PDF executive reports Screenshots with explanatory annotations (only in the Advanced plan) Software bill of ...
Supported remediation
Supported Currently, these are the options supported by Fluid Attacks to help you with vulnerability remediation: Documentation on fixes on the platform and VS Code extension Knowledge base Step-by-step correction guidance with AI Autofix Expert ...
Supported AI functions
Supported Currently, these are the AI functions supported by Fluid Attacks: AI-powered triage Automatic fixes Custom fixes from the IDE and ASPM platform Unsupported Fluid Attacks' AI functions support does not currently include the following: ...
Supported clouds
Supported Currently, these are the cloud platforms supported by Fluid Attacks: Amazon Web Services (AWS) Google Cloud Platform (GCP) Microsoft Azure Unsupported Fluid Attacks' cloud support does not currently include the following: Alibaba Cloud ...
Supported ticketing systems
Supported Currently, these are the ticketing systems for which Fluid Attacks offers integrations: Azure DevOps work items GitLab issues Jira Cloud Unsupported Fluid Attacks' ticketing system support does not include the following: Bugzilla GitHub ...
Supported SCM systems
Supported Currently, these are the source code management systems supported by Fluid Attacks: Azure DevOps Bitbucket GitHub GitLab Learn to import your repo to start security testing. Unsupported Fluid Attacks' SCM system support does not currently ...
Supported standards
Supported Fluid Attacks conducts security testing to verify your application's adherence to requirements currently mapped to these standards: Agile Alliance BSIMM BIZEC APP BSA Framework for Secure Software CAPEC™ CASA C2M2 CCPA CERT® C SEI CERT® ...
Supported secrets
Supported Currently, these are the secrets Fluid Attacks can detect: API keys AWS credentials Database connection passwords Express-session secrets Hardcoded emails (in security-related contexts) Hardcoded environment variables (e.g., api_key, ...
Supported binaries
Supported Currently, these are the binaries supported by Fluid Attacks: .apk .aab (only in the Advanced plan) .ipa (only in the Advanced plan) Unsupported Fluid Attacks' binaries support does not currently include the following: .7z .arj .asar .bin ...
Supported containers
Supported Currently, Fluid Attacks supports containers based on the following Linux distributions: Alpine Arch Debian Red Hat Unsupported Fluid Attacks' containers support does not currently include those based on the following Linux distributions: ...
Supported languages for reachability analysis
Supported Currently, Fluid Attacks detects reachable dependency vulnerabilities in code written in these languages: C# Java JavaScript Python TypeScript Read Supported CVEs to learn more about the scope of Fluid Attacks' reachability analysis. ...
Supported package managers
Supported Currently, these are the package managers supported by Fluid Attacks: Cargo Composer Conan Docker Images GitHub Actions Go Package Manager Gradle Hex Maven npm NuGet pnpm pip Poetry Pub RubyGems sbt Swift Package Manager Yarn Unsupported ...
Supported technologies in DAST
Supported Currently, these are the technologies supported by Fluid Attacks' DAST: DNS records Headers HTML content SSL connections for encryption suites, protocols, and X509 certificates. Unauthenticated HTTP endpoints Unsupported Fluid Attacks' DAST ...
Supported frameworks
Supported Note: This page only lists frameworks applicable to both the Essential and Advanced plans. Advanced covers many other frameworks. Contact Fluid Attacks for detailed information about this plan. Currently, these are the frameworks supported ...
Supported languages
Supported Note: This page only lists programming languages applicable to both the Essential and Advanced plans. The Advanced plan covers many other languages. Contact Fluid Attacks for detailed information about this plan. Currently, these are the ...
Changelog
2024 December Release 51 (SCA) Malware packages tagged: Packages in Supply chain with detected malware are tagged. (SCA) Split environment dependencies: Identify whether dependencies are related with production or development environments. (SCA) SBOM ...
Product roadmap
See where we are going together We’re excited to share our priorities and upcoming features, designed to enhance security, simplify workflows, and empower you with greater efficiency and transparency. Priority Vulnerabilities view Manage all ...
Unsupported technologies
Fluid Attacks is constantly evolving its security assessment capabilities, as it strives to provide comprehensive security testing across a wide range of technologies. However, some technologies are not currently included in Fluid Attacks' scope. ...
Supported package managers, languages and files in SCA
The following table shows the package managers, languages and file extensions supported by Fluid Attacks' software composition analysis (SCA). Package manager Version(s) Language(s) File name(s) Number of advisories npm 1 to 3 JavaScript/TypeScript ...
Supported languages, frameworks and files in SAST
Fluid Attacks' static application security testing (SAST) supports a wide range of programming languages, frameworks, and file formats, ensuring source code vulnerability scanning for diverse development environments. The following table provides a ...