Use the scanners
Use the scanners in CI/CD
Integrating any Fluid Attacks scanner into your CI/CD pipeline enables automated security testing throughout your software development lifecycle (SDLC). Below are examples of how to configure the SAST scanner on popular CI/CD providers. Run on GitHub ...
Exclude findings from scan reports
Fluid Attacks offers the NOFLUID feature to allow you to exclude from reports some specific, potentially insecure lines within your application's source code or infrastructure-as-code (IaC) configurations. This way you can avoid findings that might ...
Understand the scanner output
Starting November 1, 2025, the Fluid Attacks full CLI will become deprecated in favor of the multiple standalone scanners. Fluid Attacks' standalone scanners provide varying levels of detail in their output, depending on the chosen format. This page ...
Run scans locally
Starting November 1, 2025, the Fluid Attacks full scanner will become deprecated in favor of the multiple standalone scanners. You can run any of Fluid Attacks' scanners locally using Docker. First, to make sure you have the latest version available, ...
Use standalone scanners
Starting November 1, 2025, the Fluid Attacks full CLI will become deprecated in favor of the multiple standalone scanners. Fluid Attacks' scanners are AppSec testing tools that you can use to scan your source code, infrastructure, and applications, ...