True Positives

Last updated: Jun 30, 2026


How does Fluid Attacks' solution compare to True Positives's?

The following comparison table enables you to discern the performance of both providers across various attributes essential for meeting your company's cybersecurity needs. To better understand each attribute, read their descriptions in the dedicated page.

Organization

AttributeEssentialAdvancedTrue Positives
FocusNative ASPM with in-house scannersAI-powered PTaaS on top of native ASPM with in-house scannersDAST
ExtrasNoneNoneNone
Headcount157Same8
Headcount distributionEngineering 40%, IT 14%, sales 15%, marketing 2%, operations 4% and others 25%SameIT 25%, sales 13%, marketing 38%, operations 13% and others 11%
Headcount growth+14%, +15%, -1%Same0%, -11%, -38%
HeadquartersCO and USSameUS
CountriesAR, BO, CA, CL, CO, DO, MX, PA, PE and USSameUS
Reputation9.76 from 228 reviews over 8 years on Gartner and ClutchSameNo reviews
Followers22K based on the following: Facebook, Instagram, LinkedIn, X and YouTubeSame1K based on the following: Facebook, LinkedIn and X
Research firmsNoneNoneNone
Founded2001Same2020
FundingBootstrappedSameNo information available
AcquisitionsNoneNoneNone
Revenue10M to 15MSame1M to 10M
CVEs as CNA Researcher289 CVEs reported to MITRE, ranked in the top 10 CVE labs worldwideSameNot applicable, as it is not a CNA Researcher
ComplianceGDPR, ISO/IEC 27001:2022, ISO/IEC 27017:2015, ISO/IEC 27018:2019, ISO/IEC 27701:2019, PCI DSS, SOC 2 Type II and SOC 3SameNone
Bug bountyYesYesNo
Visits64K per month. Top 3: 18% CO, 9% US, 5% BR. Others 68%Same2K per month. Top 3: 74% US, 10% IN, 7% IQ. Others 9%
Authority33 out of 100Same12 out of 100
Public vulnerability DBDiscovered and third-partySameNo
ContentBlog, documentation, e-books, glossary, reports, success stories, videos, webinars and white papersSameBlog
Comprehensive documentation13 documentation sectionsSameNo
CommunityForumSameNo
Sync training1 workshopSameNo
Async training3 product use courses, all freeSameNo
DistributionDirect or with any of its 14 partnersSameDirect
MarketplacesAWSSameNone
FreemiumNoNoNo
Free trial21-day free trialPoVPoC
DemoYesYesYes
Open demoNoNoNo
PricingContact sales and marketplaceContact salesPublic web and contact sales
Pricing tiers1 plan1 plan3 plans (monthly, quarterly, on demand). First two transparent
Minimum termMonthlyMonthlyMonthly
Minimum payment periodMonthlyMonthlyMonthly
Minimum capabilitiesASPM, binary SAST, containers, CSPM, DAST, IaC, SAST, SCA and secretsSame plus: AI SAST, API security testing, MAST, PTaaS, RE and SCRDAST
Minimum scope1 authorSame1 target
Pricing driversAuthorsSameTargets
Free implementationYesYesNo information available
Free supportYesYesNo

Service

AttributeEssentialAdvancedTrue Positives
PTaaSNoYesNo. MPT
Reverse engineeringNoYesNo
Secure code reviewNoYesNo
PivotingNoYesNo
ExploitationNoYesYes
Manual reattacksNot applicableUnlimited reattacksUnlimited reattacks
Zero-day vulnerabilitiesScanner-based zero-day vulnerability detectionContinuous zero-day vulnerability researchNone
SLAAvailabilityAccuracy, availability and responseNo information available
Minimum availability99.95% per yearSameNo information available
After-sale guaranteesNoYesNo
AccreditationsCNA, Penetration Testing by CREST and OpenSSF Gold BadgeSameNone
Pentester certificationsNot applicable202 from 59 different typesNone
Type of contractEmployeeSameEmployee or freelance
Endpoint controlNoTotalNo information available
Channel controlNoTotalNo information available
StandardsSome requirements from 67 standards, 4 in common and 63 additionalAll requirements from the same standards4 standards, all in common
Detection methodAutomated toolsAI, automated tools and human intelligenceAI, automated tools and human intelligence
Remediation5, 1 in common and 4 additionalSame, plus 12, 1 in common and 1 additional
Output5, 1 in common and 4 additionalSame, plus 21 in common

Product

AttributeEssentialAdvancedTrue Positives
ASPMYesYesNo
APIGraphQL with JSONSameNo
IDE5 functionalitiesSame, plus 1 functionalityNo
CLIYesYesNo
CI/CDBreaks the buildSameDoes not break the build
Vulnerability sources18 sourcesSameNo information available
Threat model alignmentYesYesNo
Priority criteriaCVSS v4.0, CVSSF, EPSS and KEVSameCVSS
Custom prioritizationPriority scoreSameNo
Scanner originIn-houseIn-houseExternal (Invicti for DAST)
SCA19 package managersSameNo
AI securityNoYesNo
Reachability12 languagesSameNo
Reachability typeDeterministicSameNot applicable
SBOM22 package managersSameNo
Malware detectionYesYesNo
Autofix on componentsNoNoNo
Containers4 distributionsSameNo
Source SAST (languages)12SameNo
Source SAST (frameworks)22SameNo
Custom rulesNoNoNo
IaC62No
Binary SAST1 type of binarySame, plus 2 types of binariesNo
DAST7 attack surface typesSameYes. No information available
API security testingNo4 types of APIsYes. No information available
MASTNoYesNo
IASTNoNoNo
CSPMYesYesNo
Secrets142 secrets typesSame, plus verify other attack vectors and secrets exploitabilityNo
AI4 functions, none in commonSame, plus 1 function1 function
AI SASTNoYesNo
MCPYesYesNo
Open-sourceNoNoNo
DeploymentSaaS (multi-tenant)SameSaaS + on-premises (no tenancy information)
RegionsUSSameNo information available
StatusYesYesNo
Incidents3 per yearSameNo information available

Integrations

AttributeEssentialAdvancedTrue Positives
SCM6SameNone
Binary repositoriesNoneNoneNone
Ticketing3SameNone
ChatOpsNoneNoneNone
IDE3SameNone
CI/CD21, 4 in common and 17 additionalSame4, all in common
SCANativeSameNone
ContainerNativeSameNone
SASTNativeSameNone
DASTNativeSameNative powered by Invicti
MASTNoneNativeNone
IASTNoneNoneNone
Cloud1SameNone
CSPMNativeSameNone
SecretsNativeSameNone
RemediationNoneNoneNone
Bug bountyNoneNoneNone
Vulnerability managementNoneNoneNone
ComplianceNoneNoneNone

More like True Positives

Tags

apicomparedastmpt

On this page