Evidence formats
Last updated: Mar 24, 2026
Supported
Currently, these are the evidence formats supported by Fluid Attacks:
- Code pieces
- Graphs and metrics of the system's security status
- PDF executive reports
- Screenshots with explanatory annotations (only in the Advanced plan)
- Software bill of materials (SBOM) exportable in CycloneDX or SPDX formats, with options to download in JSON or XML
- Video recordings of the attack (only in the Advanced plan)
- XLSX technical reports
Unsupported
Fluid Attacks' evidence formats support does not currently include the following:
- ARF (Assessment Results Format)
- Attack simulation replay files
- Audio recordings
- CSV reports
- Dashboard exports (JSON)
- HTML reports
- Markdown reports
- PowerPoint presentations
- Raw log files
- XML reports
- YAML export for SBOM
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
CVEs for reachability
CVEs for which the Fluid Attacks reachability analysis is supported. It determines if dependency vulnerabilities are exploitable in your applications.
Frameworks
Frameworks supported by the Fluid Attacks SAST scanner for tests that help you enhance application security and streamline secure development.