Skip to main content

Introduction

Who we are

We are a cybersecurity company whose only purpose is to make the world a safer place.

What we do

  • We perform comprehensive security testing over all of your assets.
  • We use cutting-edge technologies and heavily trained human hackers.
  • We report vulnerabilities back to you as accurately and quickly as possible.

The source code of the technologies used is versioned in the Universe repository and is divided across many products. We also have a GitHub account where we publish projects that are more oriented towards the community and less coupled to our model of business. However, this documentation focuses on the Universe repository. The projects on GitHub have separate documentation that can be found on each of the respective projects.

Security Rating Maintainability Rating Technical Debt Code Grade Security Scorecard CII Best Practices

Our products

  • Airs: Home page, live at fluidattacks.com.

  • Docs: Reference documentation, live at docs.fluidattacks.com.

  • Common: Owner of critical, or company-wide infrastructure and resources, and owner of the admin account.

  • Integrates: The Attack Resistance Management platform:

  • Skims: Security Vulnerability Scanner.

  • Forces: The DevSecOps agent.

  • Sorts: Machine Learning assisted tool, that sorts the list of files in a git repository by the probability of it having vulnerabilities.

  • Melts: CLI tool that allows Fluid Attack's security analysts to clone customer git repositories

  • Observes: Company-wide data analytics.

  • Reviews: Small tool we use to enforce internal policies at Merge Request time.

Our users

We have different kinds of users, we divide them by use case:

  • End Users: They don't contribute code, but instead just interact with our products by installing them on their hosts and using the product's CLI, or through interacting with the product's public interface (an API, web interface, container image, etc).

    They are usually:

    • Security Analysts of Fluid Attacks: They usually use Sorts, Melts, and the ARM (Integrates), among others.
    • Customers of Fluid Attacks: They usually use the ARM (Integrates), the DevSecOps container image (Forces), read our blog (Airs), and sometimes our documentation (Docs).
    • Community users: They usually use tools like Skims in its Free and Open Source plan.

  • Developers: The people who contribute code at Universe and are usually hired by Fluid Attacks. They also contribute sometimes to our projects on GitHub.