Skip to Content
logo

Documentation

  • Home
  • Quick start
    • FAQ
      • Billing
      • Integrations
      • Platform
      • Scanner
      • Ask our pentesters to explain a vulnerability
      • Fix code with gen AI from the IDE
      • See safe dependency versions
      • Import repositories to test
      • Invite team members to sign up
      • Billing for the Advanced plan
      • Continuous Hacking free trial, plans and pricing
      • Continuous Hacking methodology
      • Continuous Hacking PoV
      • CVSSF metric
      • Glossary
      • Main website
      • Platform demo
      • Tutorial videos
      • What is DAST?
      • What is SAST?
      • What is SCA?
      • Assign vulnerability remediation to a team member
      • See details of the reported security vulnerabilities
    • Sign up to Fluid Attacks
      • Break the build
      • Install CI Gate to break the build
      • Verify whether a fix was successful
  • Find and fix
    • Use the platform
        • Sign-up and login
        • Interface and sections
        • Create and delete groups
        • Create another organization
        • Know your Groups section
        • Manage a group's configuration
        • Register payment information
        • See the target of evaluation's status and SBOM
        • Sort groups into portfolios
        • Invite contributing developers
        • Manage members
        • Manage your organization's authors
        • Understand roles
        • Import repositories fast and safely with OAuth
        • Manage environments
        • Manage repositories
        • Manage your credentials
        • Resolve events impeding tests
        • See retrieved repositories not yet added to any group
        • Analyze your supply chain security
        • Assign treatments
        • Correlate your threat model to vulnerabilities
        • CVSS score adjustment
        • Examine the evidence of exploitability
        • Find reachable dependency vulnerabilities
        • Request a vulnerability be dismissed as Zero Risk
        • See vulnerabilities assigned to you
        • See where vulnerabilities are and more details
        • Verify fixes with reattacks
        • Vulnerability signature update
        • Ask the AI Agent
        • Ask via chat
        • Post comments
        • Send Fluid Attacks an email
        • Talk to a Pentester
        • Watch certifiable tutorial videos or get a demo
        • Access recent downloads
        • Check your compliance with standards
        • View analytics common to orgs, groups and portfolios
        • Download a report of detected vulnerabilities
        • View analytics for the group level only
        • View analytics for the portfolio level only
        • Use analytics charts options
        • View and download logs
        • CI Gate configuration
        • CI Gate executions
        • Security gates
        • Vulnerability acceptance
        • Prioritization attributes
        • Explore the user menu
        • Enable and disable notifications
        • Subscribe to News
        • Leave a group
      • Manage repositories
      • See vulnerabilities
        • Fluid Attacks' scanners
        • OWASP Benchmark results
        • Your feedback
      • Use the scanners
        • Local run
        • CI/CD integration
        • Understanding outputs
        • Findings exclusion
      • Use a configuration file
        • SAST scanner
        • SCA scanner
        • DAST scanner
        • APK scanner
      • Automatic remediation
      • Custom remediation guides
      • Introduction to Sorts
      • Sorts user guide
      • Connection mechanisms
      • Cloud connection
      • Egress connection
      • Connector connection
      • Types of authentication
      • AWS CodeCommit
    • Service-level agreement
      • Availability SLA
      • Response SLA
      • Accuracy SLA
      • False negatives
      • False positives
      • Scope
    • Support information
      • Changelog
        • 2023
        • 2024
        • 2025
        • 2026
      • Roadmap
      • AI functions
      • Attack surfaces
      • Binaries
      • Browsers
      • CI/CD
      • Clouds
      • CVEs for reachability
      • Evidence formats
      • Frameworks
      • IDE functionalities
      • Languages
      • Languages for fixes
      • Package managers
      • Remediation
      • SCM systems
      • Secrets
      • Standards
      • Ticketing systems
      • Documentation sections
  • Integrations
      • Local tools
      • Access Talk to a Pentester and help from Jira issues
      • Automate Jira issue creation
      • Create Jira issues for vulnerabilities
      • Go to vulnerability evidence and more from Jira issues
      • Install the Fluid Attacks app for Jira Cloud
      • Link vulnerabilities to Jira issues or unlink them
      • Request reattacks from Jira issues
      • Set up the Jira integration
      • Set up the Azure DevOps integration
      • Set up the GitLab integration
      • Install the VS Code extension
      • View vulnerable lines, use fix options and more
      • VS Code extension error and solution catalog
      • Identify and address vulnerabilities from IntelliJ
      • Install the IntelliJ plugin
      • Identify and address vulnerabilities from Cursor
      • Install the Cursor extension
      • AWS Marketplace integration
    • MCP server
      • Installation
      • Capabilities and use cases
      • Docker installation
      • Excluding files from analysis
      • Integrate with Azure DevOps Peer Reviewer Assistant
      • Integrate with GitLab Peer Reviewer Assistant
      • Troubleshooting
      • Introduction
      • Use the API
      • Learn the basics of the Fluid Attacks API
      • Things to know before using the API
  • Stack
      • Bash
      • Python
      • Terraform
      • TypeScript
      • Ariadne
      • Commitlint
      • D3
      • Docker
      • ESLint
      • GraphQL
      • Hypercorn
      • Kubernetes
      • Labels
      • Mypy
      • Nix Flakes
      • Platform audit logs
      • Platform authentication
      • Platform authorization
      • Pydantic AI
      • React
      • Ruff
      • Sops
      • Starlette
      • Tree-sitter
      • Visual Studio Code
      • AWS
      • Batch
      • Bedrock
      • BigCodeBench
      • BugSnag
      • Checkly
      • Claude 3.5 Sonnet
      • Cloudflare
      • CloudWatch
      • Cost Management
      • Datadog
      • dbt
      • DynamoDB
      • EBS
      • EC2
      • EKS
      • ELB
      • Engineering metrics
      • ePayco
      • EventBridge
      • GitLab
      • GitLab CI
      • Google Workspace
      • IAM
      • Jamf
      • KMS
      • Lambda
      • LogRocket
      • Okta
      • OpenAI
      • OpenSearch
      • Organizations
      • QuickSight
      • S3
      • SageMaker
      • Snowflake
      • Statuspage
      • Step Functions
      • Stripe
      • Treli
      • Ubiquiti
      • Vanta
      • Voyage AI
      • VPC
      • VPN
      • Zoho One
      • Zoho Sign
    • Pentesting tools
  • Compliance
    • Authentication
      • Clients
      • Password policies
      • Staff
    • Authorization
      • Access revocation
      • Clients
      • Employee termination
      • Endpoints
      • Secret rotation
      • Sessions
      • Staff
    • Availability
      • Distributed apps
      • Distributed firewall
      • Everything backed up
      • Multiple zones
      • Recovery objective
    • Confidentiality
      • Device (re)enrolling
      • Direct hiring
      • Encryption at rest
      • Encryption in transit
      • No personal gain
      • Personnel NDA
      • Secure deletion
    • Integrity
      • Applicant evaluation
      • Awareness
      • Certification Hub
      • Certified cloud provider
      • Certified security analysts
      • Comprehensive reporting
      • Developing for integrity
      • Monitoring
      • Production data isolation
      • Secure emails
      • SLSA compliance
      • Standard timezone
      • Static website
      • Training plan
    • Non-repudiation
      • Everything as code
      • Extensive logs
    • Privacy
      • Data privacy policy
      • Data retention policy
      • Data use policy
      • Email obfuscation
      • Time tracking
      • Manual for the NDR
      • OTR messaging
      • Polygraph tests
      • Project pseudonymization
      • Data transmission
      • Unsubscribe email
      • Use of cookies
    • Resilience
      • Continuity and recovery
      • Equipment and telecommuting
      • Everything is decentralized
      • Redundant roles
    • Transparency
      • Complaint management
      • Data leakage policy
      • Ethics hotline
      • Help channel
      • Incident management
      • Information security responsibility
      • Open source
      • Quality policy
      • Status page
      • Testing our technology
      • Vulnerability releasing
  • Compare
    • 42Crunch
    • 7 Way Security
    • Aikido
    • Anvil Secure
    • Apiiro
    • AppCheck
    • Appdome
    • Appknox
    • Aqua
    • ArmorCode
    • Arnica
    • Astra
    • Base4
    • Bishop Fox
    • Black Duck
    • Black Hills
    • Breachlock
    • Bright Security
    • Burp Suite
    • Checkmarx
    • CloudGuard
    • Cobalt
    • Codacy
    • Conviso
    • Cure53
    • Cycode
    • Cyver
    • Data Theorem
    • DataDog
    • DeepSource
    • DefectDojo
    • Detectify
    • Devel
    • Dynatrace
    • Edgescan
    • Endor Labs
    • Escape
    • Evolve Security
    • Faraday Security
    • FortiDevSec
    • Fortify
    • GitHub Advanced Security (GHAS)
    • GitLab Ultimate
    • GuardRails
    • HackerOne
    • Hackmetrix
    • Hadrian
    • HCL AppScan
    • Heeler
    • Hopper Security
    • ImmuniWeb
    • Inspectiv
    • Intigriti
    • Intruder
    • Invicti
    • JFrog
    • Jit
    • Kiuwan
    • Legit Security
    • Mandiant
    • Mend
    • Mindgard
    • Moderne
    • NetSPI
    • NowSecure
    • Nucleus Security
    • Oligo Security
    • Orca Security
    • Oversecured
    • OX Security
    • Phoenix Security
    • PlexTrac
    • Praetorian
    • Prancer
    • Prisma Cloud
    • Probely
    • Prowler
    • ReversingLabs
    • RunSybil
    • Safety
    • Securitum
    • Seemplicity
    • Semgrep
    • Snyk
    • Socket
    • SonarQube
    • Sonatype
    • SOOS
    • StackHawk
    • Strike
    • Synacktiv
    • Tenable Nessus
    • ThreatModeler
    • Veracode
    • White Jaguars
    • Wiz
    • Xygeni
    • ZAP
    • ZeroPath
  • Log in to the platform 
  • Home
  • Quick start
    • FAQ
      • Billing
      • Integrations
      • Platform
      • Scanner
      • Ask our pentesters to explain a vulnerability
      • Fix code with gen AI from the IDE
      • See safe dependency versions
      • Import repositories to test
      • Invite team members to sign up
      • Billing for the Advanced plan
      • Continuous Hacking free trial, plans and pricing
      • Continuous Hacking methodology
      • Continuous Hacking PoV
      • CVSSF metric
      • Glossary
      • Main website
      • Platform demo
      • Tutorial videos
      • What is DAST?
      • What is SAST?
      • What is SCA?
      • Assign vulnerability remediation to a team member
      • See details of the reported security vulnerabilities
    • Sign up to Fluid Attacks
      • Break the build
      • Install CI Gate to break the build
      • Verify whether a fix was successful
  • Find and fix
    • Use the platform
        • Sign-up and login
        • Interface and sections
        • Create and delete groups
        • Create another organization
        • Know your Groups section
        • Manage a group's configuration
        • Register payment information
        • See the target of evaluation's status and SBOM
        • Sort groups into portfolios
        • Invite contributing developers
        • Manage members
        • Manage your organization's authors
        • Understand roles
        • Import repositories fast and safely with OAuth
        • Manage environments
        • Manage repositories
        • Manage your credentials
        • Resolve events impeding tests
        • See retrieved repositories not yet added to any group
        • Analyze your supply chain security
        • Assign treatments
        • Correlate your threat model to vulnerabilities
        • CVSS score adjustment
        • Examine the evidence of exploitability
        • Find reachable dependency vulnerabilities
        • Request a vulnerability be dismissed as Zero Risk
        • See vulnerabilities assigned to you
        • See where vulnerabilities are and more details
        • Verify fixes with reattacks
        • Vulnerability signature update
        • Ask the AI Agent
        • Ask via chat
        • Post comments
        • Send Fluid Attacks an email
        • Talk to a Pentester
        • Watch certifiable tutorial videos or get a demo
        • Access recent downloads
        • Check your compliance with standards
        • View analytics common to orgs, groups and portfolios
        • Download a report of detected vulnerabilities
        • View analytics for the group level only
        • View analytics for the portfolio level only
        • Use analytics charts options
        • View and download logs
        • CI Gate configuration
        • CI Gate executions
        • Security gates
        • Vulnerability acceptance
        • Prioritization attributes
        • Explore the user menu
        • Enable and disable notifications
        • Subscribe to News
        • Leave a group
      • Manage repositories
      • See vulnerabilities
        • Fluid Attacks' scanners
        • OWASP Benchmark results
        • Your feedback
      • Use the scanners
        • Local run
        • CI/CD integration
        • Understanding outputs
        • Findings exclusion
      • Use a configuration file
        • SAST scanner
        • SCA scanner
        • DAST scanner
        • APK scanner
      • Automatic remediation
      • Custom remediation guides
      • Introduction to Sorts
      • Sorts user guide
      • Connection mechanisms
      • Cloud connection
      • Egress connection
      • Connector connection
      • Types of authentication
      • AWS CodeCommit
    • Service-level agreement
      • Availability SLA
      • Response SLA
      • Accuracy SLA
      • False negatives
      • False positives
      • Scope
    • Support information
      • Changelog
        • 2023
        • 2024
        • 2025
        • 2026
      • Roadmap
      • AI functions
      • Attack surfaces
      • Binaries
      • Browsers
      • CI/CD
      • Clouds
      • CVEs for reachability
      • Evidence formats
      • Frameworks
      • IDE functionalities
      • Languages
      • Languages for fixes
      • Package managers
      • Remediation
      • SCM systems
      • Secrets
      • Standards
      • Ticketing systems
      • Documentation sections
  • Integrations
      • Local tools
      • Access Talk to a Pentester and help from Jira issues
      • Automate Jira issue creation
      • Create Jira issues for vulnerabilities
      • Go to vulnerability evidence and more from Jira issues
      • Install the Fluid Attacks app for Jira Cloud
      • Link vulnerabilities to Jira issues or unlink them
      • Request reattacks from Jira issues
      • Set up the Jira integration
      • Set up the Azure DevOps integration
      • Set up the GitLab integration
      • Install the VS Code extension
      • View vulnerable lines, use fix options and more
      • VS Code extension error and solution catalog
      • Identify and address vulnerabilities from IntelliJ
      • Install the IntelliJ plugin
      • Identify and address vulnerabilities from Cursor
      • Install the Cursor extension
      • AWS Marketplace integration
    • MCP server
      • Installation
      • Capabilities and use cases
      • Docker installation
      • Excluding files from analysis
      • Integrate with Azure DevOps Peer Reviewer Assistant
      • Integrate with GitLab Peer Reviewer Assistant
      • Troubleshooting
      • Introduction
      • Use the API
      • Learn the basics of the Fluid Attacks API
      • Things to know before using the API
  • Stack
      • Bash
      • Python
      • Terraform
      • TypeScript
      • Ariadne
      • Commitlint
      • D3
      • Docker
      • ESLint
      • GraphQL
      • Hypercorn
      • Kubernetes
      • Labels
      • Mypy
      • Nix Flakes
      • Platform audit logs
      • Platform authentication
      • Platform authorization
      • Pydantic AI
      • React
      • Ruff
      • Sops
      • Starlette
      • Tree-sitter
      • Visual Studio Code
      • AWS
      • Batch
      • Bedrock
      • BigCodeBench
      • BugSnag
      • Checkly
      • Claude 3.5 Sonnet
      • Cloudflare
      • CloudWatch
      • Cost Management
      • Datadog
      • dbt
      • DynamoDB
      • EBS
      • EC2
      • EKS
      • ELB
      • Engineering metrics
      • ePayco
      • EventBridge
      • GitLab
      • GitLab CI
      • Google Workspace
      • IAM
      • Jamf
      • KMS
      • Lambda
      • LogRocket
      • Okta
      • OpenAI
      • OpenSearch
      • Organizations
      • QuickSight
      • S3
      • SageMaker
      • Snowflake
      • Statuspage
      • Step Functions
      • Stripe
      • Treli
      • Ubiquiti
      • Vanta
      • Voyage AI
      • VPC
      • VPN
      • Zoho One
      • Zoho Sign
    • Pentesting tools
  • Compliance
    • Authentication
      • Clients
      • Password policies
      • Staff
    • Authorization
      • Access revocation
      • Clients
      • Employee termination
      • Endpoints
      • Secret rotation
      • Sessions
      • Staff
    • Availability
      • Distributed apps
      • Distributed firewall
      • Everything backed up
      • Multiple zones
      • Recovery objective
    • Confidentiality
      • Device (re)enrolling
      • Direct hiring
      • Encryption at rest
      • Encryption in transit
      • No personal gain
      • Personnel NDA
      • Secure deletion
    • Integrity
      • Applicant evaluation
      • Awareness
      • Certification Hub
      • Certified cloud provider
      • Certified security analysts
      • Comprehensive reporting
      • Developing for integrity
      • Monitoring
      • Production data isolation
      • Secure emails
      • SLSA compliance
      • Standard timezone
      • Static website
      • Training plan
    • Non-repudiation
      • Everything as code
      • Extensive logs
    • Privacy
      • Data privacy policy
      • Data retention policy
      • Data use policy
      • Email obfuscation
      • Time tracking
      • Manual for the NDR
      • OTR messaging
      • Polygraph tests
      • Project pseudonymization
      • Data transmission
      • Unsubscribe email
      • Use of cookies
    • Resilience
      • Continuity and recovery
      • Equipment and telecommuting
      • Everything is decentralized
      • Redundant roles
    • Transparency
      • Complaint management
      • Data leakage policy
      • Ethics hotline
      • Help channel
      • Incident management
      • Information security responsibility
      • Open source
      • Quality policy
      • Status page
      • Testing our technology
      • Vulnerability releasing
  • Compare
    • 42Crunch
    • 7 Way Security
    • Aikido
    • Anvil Secure
    • Apiiro
    • AppCheck
    • Appdome
    • Appknox
    • Aqua
    • ArmorCode
    • Arnica
    • Astra
    • Base4
    • Bishop Fox
    • Black Duck
    • Black Hills
    • Breachlock
    • Bright Security
    • Burp Suite
    • Checkmarx
    • CloudGuard
    • Cobalt
    • Codacy
    • Conviso
    • Cure53
    • Cycode
    • Cyver
    • Data Theorem
    • DataDog
    • DeepSource
    • DefectDojo
    • Detectify
    • Devel
    • Dynatrace
    • Edgescan
    • Endor Labs
    • Escape
    • Evolve Security
    • Faraday Security
    • FortiDevSec
    • Fortify
    • GitHub Advanced Security (GHAS)
    • GitLab Ultimate
    • GuardRails
    • HackerOne
    • Hackmetrix
    • Hadrian
    • HCL AppScan
    • Heeler
    • Hopper Security
    • ImmuniWeb
    • Inspectiv
    • Intigriti
    • Intruder
    • Invicti
    • JFrog
    • Jit
    • Kiuwan
    • Legit Security
    • Mandiant
    • Mend
    • Mindgard
    • Moderne
    • NetSPI
    • NowSecure
    • Nucleus Security
    • Oligo Security
    • Orca Security
    • Oversecured
    • OX Security
    • Phoenix Security
    • PlexTrac
    • Praetorian
    • Prancer
    • Prisma Cloud
    • Probely
    • Prowler
    • ReversingLabs
    • RunSybil
    • Safety
    • Securitum
    • Seemplicity
    • Semgrep
    • Snyk
    • Socket
    • SonarQube
    • Sonatype
    • SOOS
    • StackHawk
    • Strike
    • Synacktiv
    • Tenable Nessus
    • ThreatModeler
    • Veracode
    • White Jaguars
    • Wiz
    • Xygeni
    • ZAP
    • ZeroPath
  • Log in to the platform 

On This Page

  • DevSecOps table
  • Filter the DevSecOps table
  • Search the DevSecOps table
  • Download a report of the CI Gate executions
  • View CI Gate execution details
  • Summary
  • Execution log
Find and fixUse the platformManage policiesCI Gate executions

CI Gate results and execution history

Fluid Attacks’ CI Gate supports the DevSecOps methodology  applied in your projects. This tool acts as a security gate within your continuous integration and continuous deployment (CI/CD) environments, preventing vulnerable code from reaching production.

That is, CI Gate monitors your software versions and, if it detects vulnerabilities that have not been remediated or accepted , automatically breaks the build  to enforce their remediation, upholding your security standards.

The rules to break the build  can be configured at the organization and group levels in the platform’s Policies section. You can see details of each of CI Gate’s executions in the DevSecOps section. This page guides you through it.

DevSecOps table

Your group’s DevSecOps section features a comprehensive table that shows the execution history of CI Gate within your pipeline. A banner reminds you of your relevant policies currently applied in executions. Gain deeper insights into each execution by simply clicking on the corresponding date.

Know the DevSecOps table on the Fluid Attacks platform

The following are brief descriptions of the table columns:

  • Date: The date and time the CI Gate was executed in your pipeline
  • Status: Whether vulnerabilities were found in the execution:
    • Vulnerable: Indicates that CI Gate identified at least one vulnerability that has not been fixed
    • Secure: Indicates that no unfixed vulnerabilities were found
  • Accepted vulnerabilities: The total number of vulnerabilities detected that are tolerated by your policies 
  • Unmanaged vulnerabilities: The total number of vulnerabilities detected that break the build
  • Strictness: Whether breaking the build was enabled:
    • Strict: CI Gate is configured to break the build if unmanaged vulnerabilities are detected, preventing deployment into production
    • Tolerant: CI Gate only issues warnings for unfixed vulnerabilities, allowing deployment into production
  • Type: The security testing technique(s) with which the vulnerabilities were detected, where the following values are offered:
    • STATIC: Static application security testing (SAST)
    • DYNAMIC: Dynamic application security testing (DAST)
    • ALL: At least one vulnerability was found through SAST and at least one through DAST
  • Git repository: The nickname of the Git repository  whose changes were scanned by CI Gate
  • Identifier: The first eight characters of the CI Gate run’s unique alphanumeric identifier

Filter the DevSecOps table

Role required : User, Vulnerability Manager or Group Manager

By clicking on the filters button, you access several options to limit the information shown in the table.

Filter the DevSecOps table on the Fluid Attacks platform
Choose filters in DevSecOps
Apply filter in DevSecOps on the Fluid Attacks platform
Apply filter

Search the DevSecOps table

Role required : User, Vulnerability Manager or Group Manager

Type in the search bar for the table to show you only the rows that contain your exact search term.

Search the DevSecOps table on the Fluid Attacks platform

Download a report of the CI Gate executions

Role required : User, Vulnerability Manager or Group Manager

The platform allows you to download the information from the DevSecOps table as a comma-separated values (CSV) file. You just need to click on the Generate a report button. The report is made available in Downloads  after a few minutes.

Download DevSecOps table on the Fluid Attacks platform
Generate report button
Confirm DevSecOps report delivery on the Fluid Attacks platform
Success notification

View CI Gate execution details

Role required : User, Vulnerability Manager or Group Manager

In the DevSecOps section, to gain more details about a specific CI Gate execution, click on its date.

Select a CI Gate execution on the Fluid Attacks platform

A pop-up window appears, which provides a wealth of details about that specific run. You are presented with two tabs: Summary and Execution log.

Summary

The first data in Summary is that already present in the table , plus the indication of the value of three policies applied in that execution. All this data is again presented in the second tab.

View Agent execution policy details on the Fluid Attacks platform

Here are brief definitions of these policies:

  • Severity threshold : The minimum CVSS score required for an unfixed vulnerability to break the build
  • Grace period : The number of days during which newly discovered vulnerabilities do not break the build
  • Days to technical debt : The number of days until vulnerabilities are considered technical debt and do not break the build

Below these details is a table with information about all vulnerabilities identified by CI Gate in its execution.

See Agent execution summary on the Fluid Attacks platform

The table has the following columns:

  • Exploit Maturity: The degree to which the vulnerability might lead to a successful attack, as measured by the CVSS  v4.0
  • Status: Indicates that the vulnerability is Open (is present) in the lines of code, inputs or ports
  • Type: The security testing technique(s) with which the vulnerabilities were detected, as defined above 
  • Specific: The exact lines of code, inputs (e.g., password fields) or ports where the vulnerability was found
  • Where: The file path where this vulnerability was found

You can apply filters to narrow down the information displayed in the table, facilitating targeted analysis.

Filter execution summary table on the Fluid Attacks platform

Moreover, you can simply type what you are looking for in the search box, so that only the rows whose content matches your search are shown.

Search the execution summary table on the Fluid Attacks platform

Execution log

You can get the execution log in a JSON format by either using the --output CLI option  and outputting the report to a file, or by querying the jsonLog attribute of forcesExecution in the platform’s API .

Understanding CI Gate’s execution log content can sometimes be challenging. This page section offers valuable tips and key information to help you interpret it effectively and extract maximum value from the data.

The following are the main elements to take into account:

  • Arguments : The log’s content depends on the parameters or arguments used during agent execution. For illustration purposes, the screenshots below show an example of an execution with the argument --strict.

    View arguments in execution log on the Fluid Attacks platform

  • Report body: The core of the report is the detailed information about the detected vulnerabilities. Here is a brief explanation of the content characteristics shown for each of the latter:

    • title: The category that best describes the vulnerability, following Fluid Attacks’ own classification 
    • url: The vulnerability URL  on the platform
    • state: Indicates the condition of the group regarding the type of vulnerability, where it is vulnerable if the weakness is present
    • exploit: From the CVSS , probability of exploitation given the current state of techniques for it, exploit code availability, and actual exploitation “in the wild”
    • severity: The type of vulnerability’s severity score (from 0.1 to 10.0) using the CVSS
    • vulnerable: The total number of unfixed vulnerabilities
    • locations: The vulnerabilities that were identified, for which the following is informed:
      • type: Whether it is a vulnerability found by looking at the source code (static) or by attacking the running application (dynamic)
      • technique: The security testing technique with which the vulnerability was detected
      • where: The file path where this vulnerability was found
      • specific: The indication of the exact lines of code, inputs (e.g., password fields) or ports where the vulnerability was found
      • state: Indicates that the lines of code, inputs or ports are vulnerable (the vulnerability is present)
      • severity: This specific vulnerability’s severity score using the CVSS
      • compliance: Whether the vulnerability breaks the build
    View Agent execution log on the Fluid Attacks platform

  • Summary: The report concludes with a summary highlighting the total number of unfixed vulnerabilities, the CI Gate execution time, the policies  verified, the vulnerability type’s name and age, and whether the build was broken or passed.

View execution log summary on the Fluid Attacks platform

Search for vulnerabilities in your apps for free with Fluid Attacks’ automated security testing! Start your 21-day free trial  and discover the benefits of the Continuous Hacking  Essential plan . If you prefer the Advanced plan, which includes the expertise of Fluid Attacks’ hacking team, fill out this contact form .

Last updated on February 19, 2026
CI Gate configurationSecurity gates
Fluid Attacks 2026. All rights reserved.