Fluid Attacks' scanners
Last updated: Jun 3, 2026
Fluid Attacks offers several scanners for security analysis, available through multiple delivery mechanisms: Docker containers, GitHub Actions, and distributed binaries.
These scanners can be seamlessly integrated into your development workflow, allowing you to perform security scans both locally and within your continuous integration and continuous delivery (CI/CD) pipeline.
Fluid Attacks also provides dedicated GitHub Actions for integrating security scanning directly into your GitHub workflows. Each action handles installation, execution, and result reporting automatically, and most support uploading findings to the GitHub Security tab via SARIF. The following GitHub Actions are available:
- SAST action — runs static application security testing on your source code, automatically selecting between full and differential scan modes based on the workflow trigger.
- SCA action — detects known vulnerabilities in your third-party dependencies by checking package manifests against the Fluid Attacks vulnerability database.
- Secret Scanning action — detects hardcoded secrets and credentials (API keys, passwords, tokens, and similar sensitive data) in your repository.
- CI Gate action — connects to the Fluid Attacks platform to check whether your repository has open vulnerabilities, acting as a security gate that can block merges when policy-breaking findings are present.
- DAST action — runs dynamic application security testing against your live web application by actively probing the URLs you configure.
More scanners are being migrated to distributed binaries. Check the distributed binaries section for the latest availability.
MAST scanner
fluidattacks/mast refers to the tool to perform mobile application security testing (available as a Docker container). This scanner mainly decompiles APK files and searches them for vulnerabilities.
CSPM scanner
fluidattacks/cspm refers to the tool to perform cloud security posture management (available as a Docker container). This scanner analyzes AWS cloud environments for vulnerable configurations.
For more information about CSPM, read "What is CSPM?".
DAST scanner
fluidattacks/dast refers to the tool to perform dynamic application security testing (available as a Docker container).
For more information about DAST, read "What is DAST?".
SAST scanner
fluidattacks/sast refers to the tool to perform static application security testing (available as a Docker container).
For more information about SAST, read "What is SAST?".
SCA scanner
fluidattacks/sca refers to the tool to perform software composition analysis on directories (available as a Docker container).
For more information about SCA, read "What is SCA?".
The SCA container used to support scanning Docker containers, but this support will be deprecated in the coming weeks. If you wish to scan Docker containers, please use our Containers SCA scanner.
Secret Scanning scanner
ss refers to the tool to detect hardcoded secrets and credentials (available as a distributed binary). This scanner searches for API keys, passwords, tokens, and similar sensitive data in your repository.
Containers SCA scanner
cs refers to the tool to perform software composition analysis on containers (available as a distributed binary).
For more information about SCA, read "What is SCA?".
Resource requirements
The table below lists the download locations and resource requirements for the Docker-based CLI scanners:
| Scanner | Download | Installation file size | Disk space usage | Necessary runtime |
|---|---|---|---|---|
| MAST CLI | hub.docker.com/r/fluidattacks/mast | 553 MiB | 877 MiB | Docker |
| DAST CLI | hub.docker.com/r/fluidattacks/dast | 553 MiB | 877 MiB | Docker |
| SAST CLI | hub.docker.com/r/fluidattacks/sast | 415 MiB | 1,367 MiB | Docker |
| SCA CLI | hub.docker.com/r/fluidattacks/sca | 315 MiB | 883 MiB | Docker |