Understanding outputs
Last updated: Jun 25, 2026
Fluid Attacks' standalone scanners provide varying levels of detail in their output, depending on the chosen format. This page provides a detailed explanation of each field present in the standalone scanner output.
The CLI snippets and CSV files are recommended, as these formats provide concise and actionable information for understanding and mitigating risks in your code, ports or inputs. If you need to share vulnerability data with external parties or integrate it with other security tools, the SARIF format may be more suitable.
The SARIF (Static Analysis Results Interchange Format) output, on the other hand, is more comprehensive and geared towards integration with other security tools and workflows. While it contains extensive data, it may not be as readily interpretable as the former options. Thus, the SARIF output is not explained in detail in this guide.
Scanner default output
Regardless of your chosen output format, the CLI vulnerability report includes information on the scan context at the beginning and a summary at the end.
Scan context
[INFO] Official Documentation: https://docs.fluidattacks.com/find-fix/use-cli/overview/fluid-attacks-scanners
[INFO] Namespace: namespace
[INFO] Startup work dir is: /any/universe
[INFO] Moving work dir to: /any/universe
[INFO] Files to be tested: 1
[INFO] Analyzing path 1 of 1: /test/data/lib_root/f052/java_cipher_jmqi.java
The CLI output begins with the following information:
- A link to the official standalone scanner documentation for comprehensive guidance and troubleshooting
- Key information about the current scan:
  - Namespace
  - Commit
  - Start directory
  - Working directory
  - Total number of paths to be scanned
- For each target file or endpoint, a line indicating the commencement of the scan
Scan summary
[INFO] Summary: 2 vulnerabilities were found in your targets.
Upon scan completion, the CLI displays a summary that includes the total number of vulnerabilities identified.
Vulnerability report on the CLI
This is how the standalone scanner output looks when it finds a vulnerability in the target of evaluation (ToE):
┌──────────────────────┬─────────────────────────────────────────────────────────────────────┐
│ Title │ 052. Insecure encryption algorithm │
├──────────────────────┼─────────────────────────────────────────────────────────────────────┤
│ Description │ Use of insecure encryption algorithm │
├──────────────────────┼─────────────────────────────────────────────────────────────────────┤
│ Path │ unsafe_java_insecure_cipher_mode.java │
├──────────────────────┼─────────────────────────────────────────────────────────────────────┤
│ CWE │ CWE-327 │
├──────────────────────┼─────────────────────────────────────────────────────────────────────┤
│ CVSSv4 │ CVSS:4.0/AV:A/AT:N/AC:H/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U │
├──────────────────────┼─────────────────────────────────────────────────────────────────────┤
│ CVSSv4 Score │ 0.6 │
├──────────────────────┼─────────────────────────────────────────────────────────────────────┤
│ CVSSv4 Severity │ Low │
├──────────────────────┼─────────────────────────────────────────────────────────────────────┤
│ Rule Reference │ https://db.fluidattacks.com/rul/java_insecure_cipher_mode │
├──────────────────────┼─────────────────────────────────────────────────────────────────────┤
│ Weaknesses Reference │ https://db.fluidattacks.com/wek/052 │
├────────────────────────────────────────────────────────────────────────────────────────────┤
│ │
│ 5 | Cipher c = Cipher.getInstance("DES");// │
│ 6 | Cipher c = Cipher.getInstance("DESede");// │
│ 7 | Cipher c = Cipher.getInstance("RSA");// │
│ 8 | Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");// │
│ 9 | Cipher c = Cipher.getInstance("AES/ECB/NoPadding");// │
│ > 10 | Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");// │
│ 11 | Cipher c = Cipher.getInstance("DES/CBC/NoPadding");// │
│ ^ Col 0 │
│ │
└────────────────────────────────────────────────────────────────────────────────────────────┘
How to read the report
Each finding is displayed as a labeled table followed by the relevant code snippet. The table rows are:
- Title: The name of the weakness that best suits the detected security issue, according to Fluid Attacks' classification
- Description: A brief description of the finding, including the vulnerability location in the format <namespace_of_execution>/<path_to_file>
- Path: The file path relative to the working directory
- CWE: The Common Weakness Enumeration identifier
- CVSSv4: The Common Vulnerability Scoring System (CVSS v4.0) vector string
- CVSSv4 Score: The numeric CVSS v4.0 score. Although a single vulnerability could be associated with multiple CWEs, only one CVSS score is shown, which corresponds to the weakness assigned by Fluid Attacks.
- CVSSv4 Severity: The qualitative severity level (Low, Medium, High, or Critical)
- Rule Reference: A link to the scanner rule documentation
- Weaknesses Reference: A link to the weakness entry in Fluid Attacks' database, which includes the possible impact of exploiting the vulnerability, an estimated remediation time, and fix recommendations
Below the metadata rows, the table has a final full-width row containing the code snippet. A pointer (>) marks the exact line where the problem was found.
Output in CSV
| title | cwe | description | cvss_v4 | cvss_v4_score | cvss_v4_severity | finding | kind | where | snippet | method |
|---|---|---|---|---|---|---|---|---|---|---|
| 052. Insecure encryption algorithm | CWE-310 | Use of insecure encryption algorithm in namespace//home/any/universe/skims/test/data/lib_root/f052/java_cipher_jmqi.java | CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A | 2.3 | low | https://db.fluidattacks.com/wek/052/ | SAST | 10 | 1 import com.ibm.mq.*; 2 import com.ibm.mq.jmqi.JmqiUtils; 3 import org.apache.log4j.Logger; 4 5 class Test { 6 7 private final String cipherSuite = "TLS_RSA_WITH_AES_128_CBC_SHA256"; 8 9 public void insecure() { > 10 JmqiUtils.toCipherSuite(cipherSuite); 11 } 12 13 public void secure() { 14 String safeSuite = "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"; 15 JmqiUtils.toCipherSuite(safeSuite); 16 } 17 18 } ^ Col 0 | java.java_insecure_cipher_jmqi |
The CSV format is useful if you want to save your results for future reference or want to store them in an organized manner.
While the CLI output offers a concise summary, the CSV format provides a more detailed breakdown of the identified vulnerabilities. This includes richer context about each finding and the analysis techniques used.
A key feature of the CSV output is the inclusion of the specific detection method used for each vulnerability in the method column. This allows for precise feedback and reporting, particularly in cases of suspected false positives. Namely, when submitting a false positive report, including the detection method name helps Fluid Attacks' team investigate the error and further improve the accuracy of the scanner.
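As an added example (not part of Fluid Attacks' documentation or tooling), the following Python parses a constructed CSV report with the columns above, groups findings by the method column so a false-positive report can cite the detection method, and checks that each cvss_v4_severity agrees with the CVSS v4.0 qualitative band of cvss_v4_score. It assumes the where column holds the line number for SAST findings and that the description ends with the <namespace>/<path> location, as in the sample row.

```python
import csv
import io

# Constructed sample of the scanner's CSV output (not a real scan file).
# Columns follow the layout documented above. The second row's method name
# is made up, and its severity is deliberately inconsistent with its score.
HEADER = "title,cwe,description,cvss_v4,cvss_v4_score,cvss_v4_severity,finding,kind,where,snippet,method"
ROW1 = ("052. Insecure encryption algorithm,CWE-310,Use of insecure encryption algorithm in namespace//home/any/universe/src/Test.java,"
        "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A,2.3,low,https://db.fluidattacks.com/wek/052/,SAST,10,"
        "> 10 JmqiUtils.toCipherSuite(cipherSuite);,java.java_insecure_cipher_jmqi")
ROW2 = ("052. Insecure encryption algorithm,CWE-327,Use of insecure encryption algorithm in namespace//home/any/universe/src/Crypto.java,"
        "CVSS:4.0/AV:A/AT:N/AC:H/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U,0.6,high,https://db.fluidattacks.com/wek/052/,SAST,5,"
        "> 5 Cipher c = Cipher.getInstance(DES);,java.example_method_placeholder")
SAMPLE_CSV = "\n".join([HEADER, ROW1, ROW2]) + "\n"


def severity_band(score: float) -> str:
    """CVSS v4.0 qualitative rating bands for a numeric score."""
    for limit, name in ((0.0, "none"), (3.9, "low"), (6.9, "medium"), (8.9, "high")):
        if score <= limit:
            return name
    return "critical"


def parse_report(text: str) -> list:
    """Parse the CSV into dicts with a float score and the location split out."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        # The description ends with "in <namespace>/<path>"; split at the first "/".
        location = row["description"].rpartition(" in ")[2]
        row["namespace"], _, row["path"] = location.partition("/")
        row["score"] = float(row["cvss_v4_score"])
        row["line"] = int(row["where"]) if row["kind"] == "SAST" else None
        rows.append(row)
    return rows


def findings_by_method(rows: list) -> dict:
    """Group (path, line) by detection method, the key a false-positive report needs."""
    grouped = {}
    for row in rows:
        grouped.setdefault(row["method"], []).append((row["path"], row["line"]))
    return grouped


def inconsistent_severity(rows: list) -> list:
    """Rows whose qualitative severity disagrees with the band of the numeric score."""
    return [(r["path"], r["score"], r["cvss_v4_severity"]) for r in rows
            if severity_band(r["score"]) != r["cvss_v4_severity"].lower()]
```

Run inconsistent_severity over a real report before triage: a row it returns is either a report-generation defect or a hand-edited file, and either way not something to act on as-is.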
Output in SARIF
SARIF (Static Analysis Results Interchange Format) is a standardized output format designed for seamless interoperability between security analysis tools. Key benefits of SARIF include:
- Standardization: Consistent representation of vulnerability data across different tools and platforms
- Rich data: Comprehensive details about the analysis process, including the specific checks performed and the rationale behind each finding
- Integration: Easy integration with a wide range of security information and event management (SIEM) systems, vulnerability management platforms, and other development tools
- Automation: Facilitates automated processing and analysis of vulnerability data for efficient remediation and reporting
The SARIF results include repository information under versionControlProvenance. The properties include the following:
- repositoryUri: The URI of the scanned repository, which may contain a token value if the repository is private
- branch: The scanned branch
- revisionId: The hash of the last commit to the scanned repository
For detailed information about the objects and properties of SARIF, read their documentation.
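Since this page recommends SARIF for sharing results with external parties and notes that repositoryUri may carry a token, the following added example (not part of Fluid Attacks' tooling) strips userinfo-style credentials from repositoryUri in every run's versionControlProvenance before the file leaves your environment. The SARIF document, tool name and token are constructed placeholders.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Constructed minimal SARIF 2.1.0 document (not real scanner output). The
# versionControlProvenance properties are the three listed on this page; the
# token in repositoryUri is a made-up placeholder showing what gets redacted.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-scanner"}},
        "versionControlProvenance": [{
            "repositoryUri": "https://x-token:PLACEHOLDER_TOKEN@git.example.com/org/repo.git",
            "branch": "main",
            "revisionId": "0123456789abcdef0123456789abcdef01234567",
        }],
        "results": [],
    }],
})


def redact_uri(uri: str) -> tuple:
    """Drop the userinfo (user:token@) part of a URI; return (clean_uri, had_secret)."""
    parts = urlsplit(uri)
    if parts.username is None and parts.password is None:
        return uri, False
    host = parts.hostname or ""
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    return clean, True


def redact_sarif(text: str) -> tuple:
    """Redact credentials in each run's versionControlProvenance; return (json, count)."""
    doc = json.loads(text)
    redacted = 0
    for run in doc.get("runs", []):
        for vcp in run.get("versionControlProvenance", []):
            uri = vcp.get("repositoryUri")
            if not uri:
                continue
            vcp["repositoryUri"], hit = redact_uri(uri)
            redacted += hit
    return json.dumps(doc, indent=2), redacted
```

Only credentials embedded in the URI's userinfo are handled; a token passed as a query parameter would need a separate check.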