Skip to main content


Criteria is a common component that maps different security standards into a unified set of security requirements and vulnerabilities used by Fluid Attacks.

Criteria is published in a machine-readable YAML format and is used by:

  1. Docs
  2. Integrates
  3. Skims

Public Oath

Fluid Attacks will publish a machine-readable YAML file that contains the security requirements and vulnerabilities that Fluid Attacks uses to evaluate the security of a system.


  1. Criteria is managed as-code using YAML documents in order to make the information easily accessible to automated programs.
  2. When a developer changes the data, a pipeline that validates it against a given JSON schema is triggered.
  3. Other software can import criteria data directly. Note that for instance, Docs consumes this information and transforms it into the online version of Criteria.


Please read the contributing page first.