Use the scanners
Use the scanners in CI/CD
Integrating any Fluid Attacks scanner into your CI/CD pipeline enables automated security testing throughout your software development lifecycle (SDLC). Below are examples of how to configure the SAST scanner on popular CI/CD providers. Replace the ...
Exclude findings from scan reports
Fluid Attacks offers the NOFLUID feature, which lets you exclude specific, potentially insecure lines in your application's source code or infrastructure-as-code (IaC) configurations from reports. This way you can avoid findings that might ...
Understand the scanner output
Fluid Attacks' standalone scanners provide varying levels of detail in their output, depending on the chosen format. This page provides a detailed explanation of each field present in the standalone scanner output. The CLI snippets and CSV files are ...
Run scans locally
You can run any of Fluid Attacks' scanners locally using Docker. First, to make sure you have the latest version available, execute the corresponding docker pull command for each scanner; for example, for the SAST scanner: docker pull ...
Use standalone scanners
Fluid Attacks' scanners are AppSec testing tools that you can use to scan your source code, infrastructure, and applications, and obtain reports of the security vulnerabilities found. The scanners are available for use as follows: Paid software as a ...