Use the CLI
Know and reproduce the scanner’s OWASP Benchmark results
Fluid Attacks uses the OWASP Benchmark. At Fluid Attacks, we care about the accuracy of security testing results. This means we want to make sure that the automated tools and security analysts involved make as few mistakes as possible in their ...
Validate CASA tier 2 requirements
The CASA requirements are based on those in OWASP Application Security Verification Standard (ASVS), and failure to implement them is associated with CWE entries. To pass the assessment, an application must meet all 73 CASA requirements, no matter ...
Contribute to enhancing the scanner
Fluid Attacks' scanner, like the company's other products, is open source. Currently, Fluid Attacks does not allow contributions from third parties. However, Fluid Attacks welcomes feature requests and bug reports. To submit such matters, you can ...
Exclude findings from scan reports
As software projects grow and evolve, there may be times when developers require more control over analysis results. That's why we have introduced the NOFLUID functionality. This allows specific reports within an application's code to be suppressed. ...
Understand the scanner output
Depending on the format, Machine Standalone will inform you of different things. For personal use, we recommend using the CSV format or the CLI snippets because they contain more meaningful information when it comes to understanding and evaluating the ...
Run scans locally or in your CI/CD
Run the Fluid Attacks scanner locally. You can run the Docker container with docker run -v /dir/to/scan:/my-dir fluidattacks/cli:arch skims scan /my-dir, where /dir/to/scan is the path to the directory you want to scan and arch is either amd64 or arm64. ...
Configure the tests by the standalone scanner
Fluid Attacks' scanner is a security vulnerability detection tool. This means it scans your source code, infrastructure and applications and reports the security problems they have. The scanner can be used in two modes: As a paid ...