Distributed binaries
Last updated: May 15, 2026
Fluid Attacks provides native binaries for security scanning that run directly on your machine or CI runner — no Docker, no account, and no API key required. Each binary is a single self-contained executable that you install once and run anywhere.
| Binary | Scanner | Description |
|---|---|---|
| ss | Secrets Scanning | Detects hardcoded credentials, API keys, and tokens |
| cs | Containers Scanning | Analyzes SCA vulnerabilities for docker images |
How it works
All binaries share the same installation model:
a one-line installer downloads the pre-compiled binary for your platform
and places it in a directory on your PATH.
Each binary supports two execution modes:
- Quick scan — pass a path directly on the command line for an immediate scan with no configuration.
- Config-driven scan — pass a YAML configuration file for full control over paths, output format, and scan behavior.
Supported platforms
| OS | Architecture |
|---|---|
| Linux | x86_64, aarch64 |
| macOS | Apple Silicon (arm64) |
Intel Mac (x86_64) is not supported. Windows is not supported natively. Windows users should install via WSL (Windows Subsystem for Linux) and follow the Linux instructions.
Installation
Run the one-line installer for the binary you want.
By default it installs to /usr/local/bin.
If that directory is not writable (common on macOS), install to a user-owned directory instead:
mkdir -p ~/.local/bin
curl -fsSL <installer-url> | INSTALL_DIR=~/.local/bin shThen make sure ~/.local/bin is on your PATH:
echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.zshrc
source ~/.zshrcSee each binary's page for its specific installer URL and platform notes.