Use the scanners

Last updated: Jun 3, 2026


Fluid Attacks' scanners are AppSec testing tools that you can use to scan your source code, infrastructure, and applications, and obtain reports of the security vulnerabilities found.

The scanners are available for use as follows:

  • Managed testing: In this case, Fluid Attacks handles all the configuration, continuously monitors your system's security and provides reports and analytics on Fluid Attacks' platform.

  • DIY testing with command-line interface (CLI) tools: In this case, you use each scanner on its own and are in charge of configuration. Each scanner can be configured to scan your chosen target of evaluation for vulnerabilities and report the results directly in the CLI or in CSV or SARIF formats. Fluid Attacks provides these tools through multiple delivery mechanisms.

These are the CLI scanners' delivery mechanisms:

  • Docker containers: Run any scanner locally using Docker. Available for APK, CSPM, DAST, SAST, and SCA.
  • GitHub Actions: Integrate security scanning directly into your GitHub CI/CD pipeline. Available for SAST, SCA, and Secret Scan.
  • Distributed binaries: Native executables that run without Docker. Currently available for Secret Scanning and Container Scanning; more scanners coming soon.

Below are the features common to all of Fluid Attacks' CLI scanners.

CLI structure

Fluid Attacks' scanners' CLIs follow this structure:

CLI_NAME [GLOBAL_OPTIONS] COMMAND [ARGUMENTS]

CLI name

In the above structure, replace CLI_NAME with the name of the scanner you want to run. Fluid Attacks provides five images, each named after the type of scan it performs:

  • apk
  • cspm
  • dast
  • sast
  • sca

CLI global options

--help

Use the --help flag to get information about the tool's usage and a description of each available argument.

Examples

For the SAST CLI:

sast --help

For the DAST CLI:

dast --help

--strict

Use the --strict flag to run the scanner in strict mode: the execution exits with code 1 if it finds any vulnerability in your targets, instead of exiting successfully as it does by default. This makes the scanner usable as a gate in a CI/CD job, where a non-zero exit code fails the pipeline. Note that --strict is a global option, so it goes before the scan command.

Example

For SAST (replace path/to/config.yaml with the actual path to your configuration file):

sast --strict scan path/to/config.yaml

CLI commands

All of Fluid Attacks' scanners have a single command: scan

As the name implies, this command allows you to execute a security scan over the evaluation targets of your choice.

Examples

Use this command to perform SAST scans with the SAST CLI:

sast scan /my-dir

Use this to perform DAST scans with the DAST CLI:

dast scan https://www.my-app.com

scan arguments

Directory

This argument is the path to the directory you want to scan.

Example

For SCA (replace path/to/directory with the actual path to your target):

sca scan path/to/directory

URL

This argument is a URL. Depending on the scanner you are using, you can use the following URLs:

Git repository URL

Pass the URL of a Git repository to the SAST or SCA CLI to have it clone the repository and analyze it with static application security testing (SAST) or software composition analysis (SCA), respectively. Examples:

For SAST:

sast scan https://github.com/tree-sitter/tree-sitter.git

For SCA:

sca scan https://github.com/tree-sitter/tree-sitter.git

Page or web application URL

Pass the URL of a page or web application to the DAST CLI to perform dynamic application security testing (DAST) against it. Since DAST sends requests to the live application, only scan targets you own or are authorized to test. Example:

dast scan https://www.google.com

Configuration file

This argument is the path to a YAML configuration file in which you customize the scanner's execution (targets, inclusions and exclusions, output file and format, and so on). To avoid confusion about relative paths, place this file in the same directory as the project you want to scan.

Examples

For SAST (replace path/to/config.yaml with the actual path to your configuration file):

sast scan path/to/config.yaml

An example configuration file for the SAST CLI:

namespace: myapp
output:
  file_path: ./Fluid-Attacks-Results.csv
  format: CSV
working_dir: .
language: EN
sast:
  include:
    - .
  exclude:
    - glob(**/node_modules/**)
    - glob(**/test/**)

A configuration file is the most flexible way to run any of Fluid Attacks' scanners, and the option to use when you want to get the most value from them.

You can see detailed documentation on how to set up a configuration file for each scanner.
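The --strict flag fails a pipeline on any finding. When you need finer control, you can instead have the scanner write its results in SARIF format (one of the output formats listed above) and decide in your CI job which severity levels should fail the build. The following Python script is an added example, not code from Fluid Attacks' scanners or documentation: it reads a SARIF 2.1.0 report, prints one line per result, summarizes the counts per level, and returns a non-zero exit status when any result reaches the chosen threshold. The embedded sample report, the rule identifiers and the report path are constructed for illustration; consult each scanner's configuration documentation for the exact output-format keyword.

```python
"""Gate a CI job on a SARIF 2.1.0 report written by a scanner run.

Added example; not part of Fluid Attacks' scanners or documentation.
Assumes the scanner was configured to emit SARIF output. The sample report,
rule identifiers and threshold below are constructed for illustration.
"""
import json
import sys
from collections import Counter

# SARIF 2.1.0 defines these four result levels; rank them for thresholding.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample in SARIF 2.1.0 shape; not real scanner output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "results": [
            {"ruleId": "example-rule-1", "level": "error",
             "message": {"text": "Example high-severity finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/app.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "example-rule-2", "level": "warning",
             "message": {"text": "Example medium-severity finding"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util.py"},
                 "region": {"startLine": 7}}}]},
            {"ruleId": "example-rule-3",
             "message": {"text": "Finding with no explicit level"},
             "locations": []},
        ],
    }],
}


def iter_results(sarif):
    """Yield (level, ruleId, uri, startLine, message) for every result."""
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            # A result without "level" is treated as "warning", the SARIF
            # default when the rule defines no other default level.
            level = result.get("level", "warning")
            uri, line = "<unknown>", None
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", uri)
                line = phys.get("region", {}).get("startLine")
                break  # the first location is enough for a summary line
            yield (level, result.get("ruleId", "<no-rule>"), uri, line,
                   result.get("message", {}).get("text", ""))


def summarize(sarif):
    """Count results per SARIF level."""
    return Counter(level for level, *_ in iter_results(sarif))


def gate(sarif, fail_at="error"):
    """Return 1 if any result is at or above the fail_at level, else 0."""
    threshold = LEVEL_RANK[fail_at]
    return int(any(LEVEL_RANK.get(level, 0) >= threshold
                   for level, *_ in iter_results(sarif)))


def load_sarif(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def main(argv):
    # Usage: python sarif_gate.py [report.sarif] [error|warning|note]
    sarif = load_sarif(argv[1]) if len(argv) > 1 else SAMPLE_SARIF
    fail_at = argv[2] if len(argv) > 2 else "error"
    for level, rule, uri, line, text in iter_results(sarif):
        where = f"{uri}:{line}" if line is not None else uri
        print(f"[{level}] {rule} {where} {text}")
    print("summary:", dict(summarize(sarif)))
    return gate(sarif, fail_at)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it after the scan step with the report path and the level that should fail the job; the exit status then plays the same role as --strict, but only for the levels you chose, while lower-level results are still printed into the job log.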
