You can use the DevSecOps agent on any OS that Docker can run on.
You can also integrate the agent into your CI/CD to ensure that your software is built and shipped without previously reported vulnerabilities in our ASM.
To install the agent, you need to do the following:
Make sure you own a DevSecOps agent token. This token can be generated in our ASM scope section (Organization>Groups>GroupName>Scope), where you will find the DevSecOps Agent Token section.
Click on the Manage Token button and a pop-up will appear where you can Generate the token or click on Reveal Token in case you already generated one.
Make sure your execution environment has the required dependencies:
Install Docker by following the official guide:
Having Docker installed, pull the image:
docker pull fluidattacks/forces:new
--token: Your DevSecOps agent token [required].
--dynamic / --static: Run only DAST / SAST vulnerabilities. (optional)
--verbose <number>: Declare the level of detail of the report (default 3):
  1: Show only the number of open, closed and accepted vulnerabilities.
  2: Show only open vulnerabilities.
  3: Show open and closed vulnerabilities.
  4: Show open, closed and accepted vulnerabilities.
- You can use
--strict / --lax: Run forces in strict mode (default
--repo-path: Git repository path (optional)
Run the Docker image:
- To check all vulnerabilities, including static and dynamic:
docker run --rm fluidattacks/forces:new forces --token <your-token>
- To check only
docker run --rm fluidattacks/forces:new forces --static --strict --token <your-token>
- To check only
docker run --rm fluidattacks/forces:new forces --dynamic --strict --token <your-token>
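
For the CI/CD integration mentioned at the top, the commands above can be wrapped in a pipeline step like the following, which is an added example and not Fluid Attacks' own script. It takes the token from a CI secret instead of the repository, validates the settings, writes the command to the job log with the token masked, and returns the agent's exit status. The FORCES_* variable names, the function names and the forces-gate.sh file name are assumptions chosen for this example.

```shell
#!/bin/sh
# CI gate around the DevSecOps agent. Added example, not Fluid Attacks' own script.
# Assumed names (not from the page): FORCES_TOKEN, FORCES_KIND, FORCES_VERBOSITY,
# FORCES_DRY_RUN, redact, run_gate, forces-gate.sh.
IMAGE="fluidattacks/forces:new"

# Print a command line with the value that follows --token masked, so the
# job log never contains the secret.
redact() {
  line="" mask=0
  for arg in "$@"; do
    if [ "$mask" -eq 1 ]; then arg="***"; mask=0; fi
    if [ "$arg" = "--token" ]; then mask=1; fi
    line="${line:+$line }$arg"
  done
  printf '%s\n' "$line"
}

# Validate the job's settings, log the redacted command, then run the agent.
# Returns 2 on bad settings; otherwise the exit status of the agent itself.
run_gate() {
  kind="${FORCES_KIND:-all}"
  verbosity="${FORCES_VERBOSITY:-3}"   # 3 is the documented default
  if [ -z "${FORCES_TOKEN:-}" ]; then
    echo "error: FORCES_TOKEN is not set; store the token as a CI secret" >&2
    return 2
  fi
  case "$verbosity" in
    [1-4]) ;;
    *) echo "error: FORCES_VERBOSITY must be 1, 2, 3 or 4" >&2; return 2 ;;
  esac
  set -- docker run --rm "$IMAGE" forces
  case "$kind" in
    all) ;;
    static)  set -- "$@" --static ;;
    dynamic) set -- "$@" --dynamic ;;
    *) echo "error: FORCES_KIND must be all, static or dynamic" >&2; return 2 ;;
  esac
  # --strict as in the static and dynamic commands shown above
  set -- "$@" --strict --verbose "$verbosity" --token "$FORCES_TOKEN"
  redact "$@"
  if [ "${FORCES_DRY_RUN:-0}" = "1" ]; then return 0; fi
  "$@"
}

# Stand-alone use in a pipeline step: sh forces-gate.sh run
if [ "${1:-}" = "run" ]; then run_gate; exit $?; fi
```

Setting FORCES_DRY_RUN=1 prints the redacted command without starting Docker, which is useful for checking the pipeline configuration before the first real run.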