Fluid Attacks' scanners
Last updated: Mar 27, 2026
Fluid Attacks offers several Docker images to perform security scans, which are described below.
These scanners can be seamlessly integrated into your development workflow, allowing you to perform security scans both locally and within your continuous integration and continuous delivery (CI/CD) pipeline.
Learn about the resource requirements for these tools.
APK security scanner
fluidattacks/apk refers to the tool to perform APK security scans (available as a Docker container). This scanner decompiles and searches vulnerabilities in APK files.
CSPM scanner
fluidattacks/cspm refers to the tool to perform cloud security posture management (available as a Docker container). This scanner analyzes AWS cloud environments for vulnerable configurations.
For more information about CSPM, read "What is CSPM?".
DAST scanner
fluidattacks/dast refers to the tool to perform dynamic application security testing (available as a Docker container).
For more information about DAST, read "What is DAST?".
SAST scanner
fluidattacks/sast refers to the tool to perform static application security testing (available as a Docker container).
For more information about SAST, read "What is SAST?".
SCA scanner
fluidattacks/sca refers to the tool to perform software composition analysis (available as a Docker container).
For more information about SCA, read "What is SCA?".
Leave group
Learn how to leave a group in the Fluid Attacks platform. Be aware that leaving your only group removes you from the platform.
OWASP Benchmark results
Know about the Fluid Attacks scanner true positive rate of 100 on the OWASP Benchmark. A guide is included to reproduce the results in vulnerability detection.