Support information
Supported languages for vulnerability fixes
Supported Fluid Attacks is committed to helping organizations identify and remediate vulnerabilities in their software. The following table outlines the programming languages supported by Fluid Attacks' automated vulnerability remediation ...
Supported browsers
Supported Note: The following is not an exhaustive list, as Fluid Attacks supports any browser in its version(s) compatible with at least the ECMAScript® 2023 standard. Below is a summary of the most popular browsers supported on the Fluid Attacks ...
Supported CI/CD
Supported Note: The following is not an exhaustive list, as Fluid Attacks supports every CI/CD system compatible with Docker. Below is a summary of the most popular CI/CD systems in which Fluid Attacks can be integrated. Currently, these are some ...
Supported IDE functionalities
Supported Currently, these are the IDEs supported by Fluid Attacks and their respective functionalities: IntelliJ IDEA: See vulnerable file and code line VS Code: See vulnerable file and code line Detailed information on vulnerabilities and ...
Supported evidence formats
Supported Currently, these are the evidence formats supported by Fluid Attacks: Code pieces Graphs and metrics of the system's security status PDF executive reports Screenshots with explanatory annotations (only in the Advanced plan) Software bill of ...
Supported remediation
Supported Currently, these are the options supported by Fluid Attacks to help you with vulnerability remediation: Documentation on fixes on the platform and VS Code extension Knowledge base Step-by-step correction guidance with AI Autofix Expert ...
Supported AI functions
Supported Currently, these are the AI functions supported by Fluid Attacks: AI-powered triage Automatic fixes Custom fixes from the IDE and ASPM platform Unsupported Fluid Attacks' AI functions support does not currently include the following: ...
Supported clouds
Supported Currently, these are the cloud platforms supported by Fluid Attacks: Amazon Web Services (AWS) Google Cloud Platform (GCP) Microsoft Azure Unsupported Fluid Attacks' cloud support does not currently include the following: Alibaba Cloud ...
Supported ticketing systems
Supported Currently, these are the ticketing systems for which Fluid Attacks offers integrations: Azure DevOps work items GitLab issues Jira Cloud Unsupported Fluid Attacks' ticketing system support does not include the following: Asana Bugzilla ...
Supported SCM systems
Supported Currently, these are the source code management systems supported by Fluid Attacks: Azure DevOps Bitbucket GitHub GitLab Learn to import your repo to start security testing. Unsupported Fluid Attacks' SCM system support does not currently ...
Supported standards
Supported Fluid Attacks conducts security testing to verify your application's adherence to requirements currently mapped to these standards: Agile Alliance BSIMM BIZEC APP BSA Framework for Secure Software CAPEC™ CASA C2M2 CCPA CERT® C SEI CERT® ...
Supported secrets
Supported Currently, these are the secrets Fluid Attacks can detect: API keys AWS credentials Database connection passwords Express-session secrets Hardcoded emails (in security-related contexts) Hardcoded environment variables (e.g., api_key, ...
Supported binaries
Supported Currently, these are the file extensions of binaries supported by Fluid Attacks: .apk .aab (only in the Advanced plan) .ipa (only in the Advanced plan) Unsupported Fluid Attacks' binaries support does not currently include those with the ...
Supported containers
Supported Currently, Fluid Attacks supports containers based on the following Linux distributions: Alpine Arch Debian Red Hat Unsupported Fluid Attacks' containers support does not currently include those based on the following Linux distributions: ...
Supported CVEs for reachability analysis
Supported Currently, Fluid Attacks detects when software effectively calls known vulnerable functions reported in the CVE entries shown in the following table, where they are classified by the programming language in which the functions are written: ...
Supported package managers
Supported Currently, these are the package managers supported by Fluid Attacks: Bundler CocoaPods Composer Go Package Manager Gradle Maven npm NuGet pip Pipenv pnpm Poetry Pub RubyGems sbt Swift Package Manager Yarn Unsupported Fluid Attacks' package ...
Supported attack surfaces
Supported Currently, these are the attack surfaces supported by Fluid Attacks' DAST and PTaaS: DNS records GraphQL API gRPC API Headers HTML content REST API SSL connections for encryption suites, protocols, and X509 certificates. Unauthenticated ...
Supported frameworks
Supported Currently, these are the frameworks supported by Fluid Attacks: Angular Express Django FastAPI Flask Unsupported Fluid Attacks does not currently support the following frameworks: Apex .NET ABP Framework Akka Android Jetpack Apache Flex ...
Supported languages
Supported programming languages Currently, these are the programming languages supported by Fluid Attacks: C# Dart Go Java JavaScript Kotlin PHP Python Ruby Scala Swift TypeScript Supported configuration languages and infrastructure schemas Please ...
Changelog
2025 January Release 4 (ASPM) Modified the maximum days limit for which a vulnerability can be temporarily accepted: The limit was 90 days, which was modified to 999 days. Release 3 No features were delivered during this iteration. Release 2 No ...
Roadmap
See where we are going together We’re excited to share our priorities and upcoming features, designed to enhance security, simplify workflows, and empower you with greater efficiency and transparency. Priority Vulnerabilities view Manage all ...
Unsupported technologies
Fluid Attacks is constantly evolving its security assessment capabilities, as it strives to provide comprehensive security testing across a wide range of technologies. However, some technologies are not currently included in Fluid Attacks' scope. ...
Supported package managers, languages and files in SCA
The following table shows the package managers, languages and file extensions supported by Fluid Attacks' software composition analysis (SCA). Package manager Version(s) Language(s) File name(s) Number of advisories npm 1 to 3 JavaScript/TypeScript ...
Supported languages, frameworks and files in SAST
Fluid Attacks' static application security testing (SAST) supports a wide range of programming languages, frameworks, and file formats, ensuring source code vulnerability scanning for diverse development environments. The following table provides a ...