Billing FAQ

Last updated: Mar 5, 2026

Why does a former employee appear on the billing list?

This situation could occur due to various factors:

Their commits may be integrated into the configured branch in the platform at a later stage.
The analyzed branch might not be the primary one and could have been added to the platform later, resulting in differences between commits across branches.
The repository could have been initially empty at registration, with subsequent merges of branches containing existing commits.

Can Fluid Attacks restrict the number of authors permitted to make commits to a repository?

No, repository management policies can only be configured by the repository administrator, and these policies might differ depending on the chosen platform.

Which users have permission to access the monthly author count or list?

Group Managers, Vulnerability Managers (groups), and Users (groups).

Will an author be charged twice if they commit to different repositories within different groups?

No, the developer can make unlimited commits, regardless of the number of repositories or groups, and they will only be billed once. The charge for a single author contributing to multiple groups is divided among all participating groups, ensuring equal distribution of costs.

Will an author be charged if they commit to excluded paths?

No. Fluid Attacks only charges for authors contributing to files in paths included in the testing scope.

How can I count the number of authors in Git repositories?

You can use a Python script provided by Fluid Attacks to count authors in one or more Git repositories. The script lists contributors and their number of commits within a given date range. It can also aggregate data from multiple subfolders and normalize identities via a .mailmap file, if required.

Script workflow:

Determines the date range based on the arguments (-m or -b).
Gets the relevant commits between the first and last day of a given date range.
Uses git shortlog to count contributions.
Applies the .mailmap file to unify aliases or duplicates.
Generates a report sorted by the number of commits.

**Check requirements: **

Before running the script, ensure that you have the following:

Python 3 installed (check by running python3 --version)
Git installed (check by running git --version)
A valid .mailmap file to unify contributor identities
Local clones of the repositories you want to analyze

Download the script:

Download the script . Then, save it in your working directory under scripts/Get_Authors.py.

Run the script:


python3 scripts/Get_Authors.py -m 2023-05 test .mailmap

These are the arguments used to run the script:

test: The path to the folder containing the repository or repositories.
.mailmap: The path to the .mailmap file to be used.
-m YYYY-MM (optional): Counts authors within a specific month (e.g., 2023-05)
-b YYYY-MM-DD YYYY-MM-DD (optional): An alternative to -m YYYY-MM, it specifies a custom date range
-u (optional): Avoids counting subfolders (subfolders are scanned by default)

**Output example: **


Authors of the repositories test between 01 May 2023 and 31 May 2023:Commits     Author42          Alice <alice@example.com>36          Bob <bob@example.com> (NOT IN MAILMAP)...Total Authors = 12

If an email cannot be found in the .mailmap file, it will be flagged as ‘(NOT IN MAILMAP)’.

How can I count the lines of code for Health Check?

You can use a script provided by Fluid Attacks to count the effective lines of code (LoC) in your repositories, which can be useful to verify the cost of Health Check yourself. This script uses tokei and excludes files that are irrelevant to the analysis, such as documentation and styling files.

Analyzed files:

The script runs tokei to apply Fluid Attacks’ language definitions and it excludes the following non-code languages:

Documentation: Markdown
Styling: CSS, SASS, LESS, Stylus
Format/config files: JSON, XML, XAML

Check requirements:

Before running the script, ensure that you have the following:

Python (version 3 recommended; check by running python3 --version)
tokei installed and accessible in your system path

Use the script:

Download the script file .
From your terminal, run the script on your project folder:


python3 scripts/Count_LoC.py /path/to/project

You will then see the LoC report, followed by a message:


Excluded: Markdown,CSS,SASS,LESS,Stylus,JSON,XML,XAMLUsing special FLUID Configuration

The above message means that the script has successfully excluded non-code files and applied the standard used by Fluid Attacks.

If tokei is not installed or cannot be found in your system path, you will see an error message prompting you to install it.

How are lines counted for a late Health Check?

If you are subscribed to the Continuous Hacking Advanced plan and later request a Health Check, line counting is done per repository, starting from the first successful clone that included at least one file beyond a ‘README’ file.

To get the repository state at a past date, the following is done:

Cloning the repository:

git clone <repo-url> cd <repo-name>

Finding the latest commit before a specific date:

git rev-list -n 1 —before=“2024-03-01 23:59” master

For example, the line above returns the most recent commit hash before March 1, 2024 in the master branch.

Checkouting that commit:

git checkout <commit-hash>

This puts the repo in ‘detached HEAD’ mode, useful for historical analysis.

How are lines counted for a Health Check after changing plans?

If you need a Health Check when subscribing back to the Continuous Hacking Advanced plan, the following is considered:

If a Health Check of the repository in question was never conducted, all lines of code at the moment of this latest subscription are counted.
If a Health Check had been conducted, the lines counted are those of all the files that have been modified since the change to the Essential plan.