0 filters active
Skip to Content
logo
  • Home
  • Quick start
      • Billing
      • Integrations
      • Platform
      • Scanner
      • Ask our pentesters to explain a vulnerability
      • Fix code with gen AI from the IDE
      • See safe dependency versions
      • Import repositories to test
      • Invite team members to sign up
      • Billing for the Advanced plan
      • Continuous Hacking free trial, plans and pricing
      • Continuous Hacking methodology
      • Continuous Hacking PoV
      • CVSSF metric
      • Glossary
      • Main website
      • Platform demo
      • Tutorial videos
      • What is DAST?
      • What is SAST?
      • Assign vulnerability remediation to a team member
      • See details of the reported security vulnerabilities
    • Sign up to Fluid Attacks
      • Break the build
      • Install CI Gate to break the build
      • Verify whether a fix was successful
  • Find and fix
    • Access to your assets
      • Cloud
      • Connector
      • Egress
      • Set up an AWS IAM role
      • Summary of mechanisms used to access assets
      • Types of authentication used
      • Fix code automatically with gen AI
      • Get AI-generated guides for remediation
      • Contribute to enhancing the scanners
      • Fluid Attacks' scanners
      • Know and reproduce the scanner’s OWASP Benchmark results
      • Pentesters' tools
    • Machine
      • Configure and use Sorts on your own
      • Introduction to Fluid Attacks' AI tool
      • Accuracy SLA
      • Availability SLA
      • False negatives
      • False positives
      • Response SLA
      • Scope
      • Service-level agreement summary
        • 2023
        • 2024
        • 2025
        • 2026
      • Documentation sections
      • Roadmap
      • Supported AI functions
      • Supported attack surfaces
      • Supported binaries
      • Supported browsers
      • Supported CI/CD
      • Supported clouds
      • Supported CVEs for reachability analysis
      • Supported evidence formats
      • Supported frameworks
      • Supported IDE functionalities
      • Supported languages
      • Supported languages for vulnerability fixes
      • Supported package managers
      • Supported remediation
      • Supported SCM systems
      • Supported secrets
      • Supported standards
      • Supported ticketing systems
      • CVSS score adjustment
      • Find reachable dependency vulnerabilities
      • Vulnerability signature update
      • What is SCA?
      • APK scanner configuration file
      • DAST scanner configuration file
      • SAST scanner configuration file
      • SCA scanner configuration file
      • Scan with a configuration file
    • Use the Platform
        • Platform sections and header items
        • Sign-up and login authentication
        • Create and delete groups
        • Create another organization
        • Know your Groups section
        • Manage a group's configuration
        • Register payment information
        • See the target of evaluation's status and SBOM
        • Sort groups into portfolios
        • Invite contributing developers
        • Manage members
        • Manage your organization's authors
        • Understand roles
        • Import repositories fast and safely with OAuth
        • Manage environments
        • Manage repositories
        • Manage your credentials
        • Resolve events impeding tests
        • See retrieved repositories not yet added to any group
        • Analyze your supply chain security
        • Assign treatments
        • Correlate your threat model to vulnerabilities
        • Examine the evidence of exploitability
        • Request a vulnerability be dismissed as Zero Risk
        • See vulnerabilities assigned to you
        • See where vulnerabilities are and more details
        • Verify fixes with reattacks
        • Ask the AI Agent
        • Ask via chat
        • Post comments
        • Send Fluid Attacks an email
        • Talk to a Pentester
        • Watch certifiable tutorial videos or get a demo
        • Access recent downloads
        • Check your compliance with standards
        • View analytics common to orgs, groups and portfolios
        • Download a report of detected vulnerabilities
        • View analytics for the group level only
        • View analytics for the portfolio level only
        • Use analytics charts options
        • View and download logs
        • Accept vulnerabilities
        • Manage fix prioritization policies
        • Manage security gates
        • Prevent the deployment of builds with vulnerabilities
        • View details of the security of your builds
        • Enable and disable notifications
        • Explore the user menu
        • Leave group
        • Subscribe to news
      • Manage repositories
      • See vulnerabilities
      • Exclude findings from scan reports
      • Run scans locally
      • Understand the scanner output
      • Use standalone scanners
      • Use the scanners in CI/CD
  • Integrations
      • Local tools
      • Access Talk to a Pentester and help from Jira issues
      • Automate Jira issue creation
      • Create Jira issues for vulnerabilities
      • Go to vulnerability evidence and more from Jira issues
      • Install the Fluid Attacks app for Jira Cloud
      • Link vulnerabilities to Jira issues or unlink them
      • Request reattacks from Jira issues
      • Set up the Jira integration
      • Set up the Azure DevOps integration
      • Set up the GitLab integration
      • Install the VS Code extension
      • View vulnerable lines, use fix options and more
      • VS Code extension error and solution catalog
      • Identify and address vulnerabilities from IntelliJ
      • Install the IntelliJ plugin
      • Identify and address vulnerabilities from Cursor
      • Install the Cursor extension
      • AWS Marketplace integration
    • MCP server
      • Installation
      • Capabilities and use cases
      • Docker installation
      • Excluding files from analysis
      • Integrate with Azure DevOps Peer Reviewer Assistant
      • Integrate with GitLab Peer Reviewer Assistant
      • Troubleshooting
      • Introduction
      • Use the API
      • Learn the basics of the Fluid Attacks API
      • Things to know before using the API
  • Stack
      • Bash
      • Python
      • Terraform
      • TypeScript
      • Ariadne
      • Commitlint
      • Docker
      • ESLint
      • GraphQL
      • Hypercorn
      • Kubernetes
      • Labels
      • Mypy
      • Nix Flakes
      • Platform audit logs
      • Platform authentication
      • Platform authorization
      • Pydantic AI
      • React
      • Ruff
      • Sops
      • Starlette
      • Tree-sitter
      • Visual Studio Code
      • AWS
      • Batch
      • Bedrock
      • BigCodeBench
      • BugSnag
      • Checkly
      • Claude 3.5 Sonnet
      • Cloudflare
      • CloudWatch
      • Cost Management
      • Datadog
      • dbt
      • DynamoDB
      • EBS
      • EC2
      • EKS
      • ELB
      • Engineering metrics
      • ePayco
      • EventBridge
      • GitLab
      • GitLab CI
      • Google Workspace
      • IAM
      • Jamf
      • KMS
      • Lambda
      • LogRocket
      • Okta
      • OpenAI
      • OpenSearch
      • Organizations
      • QuickSight
      • S3
      • SageMaker
      • Snowflake
      • Statuspage
      • Step Functions
      • Stripe
      • Treli
      • Ubiquiti
      • Vanta
      • Voyage AI
      • VPC
      • VPN
      • Zoho One
      • Zoho Sign
  • Compliance
      • Clients
      • Password policies
      • Staff
      • Access revocation
      • Endpoint
      • Authorization for clients
      • Authorization for Fluid Attacks staff
      • Secret rotation
      • Secure employee termination
      • Session management
      • Distributed apps
      • Distributed firewall
      • Everything backed up
      • Multiple zones
      • Recovery objective
      • Device (re)enrolling
      • Direct hiring
      • Encryption at rest
      • Encryption in transit
      • No personal gain
      • Personnel NDA
      • Secure deletion
      • Awareness
      • Certification Hub
      • Certified cloud provider
      • Certified security analysts
      • Comprehensive reporting
      • Developing for integrity
      • Extensive hiring process
      • Monitoring
      • Production data not used for dev or test
      • Secure emails
      • Software Artifacts SLSA levels
      • Static website
      • Training plan
      • Everything as code
      • Extensive logs
      • Data privacy policy
      • Data policies
      • Email obfuscation
      • Employee time tracking software
      • Manual for the National Database Registry (NDR)
      • OTR messaging
      • Polygraph tests
      • Project pseudonymization
      • Retention
      • Secure delivery of sensitive data
      • Transparent use of cookies
      • Unsubscribe email
      • Continuity and recovery
      • Equipment and telecommuting
      • Everything is decentralized
      • Redundant roles
      • Complaint management
      • Data leakage policy
      • Ethics hotline
      • Help channel
      • Incident management
      • Information security responsibility
      • Open source
      • Quality policy
      • Status page
      • Testing our technology
      • Vulnerability releasing
  • Compare
    • 42Crunch
    • 7 Way Security
    • Aikido
    • Anvil Secure
    • Apiiro
    • AppCheck
    • Appdome
    • Appknox
    • Aqua
    • ArmorCode
    • Arnica
    • Astra
    • Base4
    • Bishop Fox
    • Black Duck
    • Black Hills
    • Breachlock
    • Bright Security
    • Burp Suite
    • Checkmarx
    • CloudGuard
    • Cobalt
    • Codacy
    • Conviso
    • Cure53
    • Cycode
    • Cyver
    • Data Theorem
    • DataDog
    • DeepSource
    • DefectDojo
    • Detectify
    • Devel
    • Dryrun Security
    • Dynatrace
    • Edgescan
    • Endor Labs
    • Escape
    • Evolve Security
    • Faraday Security
    • FortiDevSec
    • Fortify
    • GitHub Advanced Security
    • GitLab Ultimate
    • GuardRails
    • HackerOne
    • Hackmetrix
    • Hadrian
    • HCL AppScan
    • Heeler
    • Hopper Security
    • ImmuniWeb
    • Inspectiv
    • Intigriti
    • Intruder
    • Invicti
    • JFrog
    • Jit
    • Kiuwan
    • Legit Security
    • Mandiant
    • Mend
    • Mindgard
    • Moderne
    • NetSPI
    • NowSecure
    • Nucleus Security
    • Oligo Security
    • Orca Security
    • Oversecured
    • OX Security
    • Phoenix Security
    • PlexTrac
    • Praetorian
    • Prancer
    • Prisma Cloud
    • Probely
    • Prowler
    • ReversingLabs
    • RunSybil
    • Safety
    • Securitum
    • Seemplicity
    • Semgrep
    • Snyk
    • Socket
    • SonarQube
    • Sonatype
    • SOOS
    • StackHawk
    • Strike
    • Synacktiv
    • Tenable Nessus
    • ThreatModeler
    • Veracode
    • White Jaguars
    • Wiz
    • Xygeni
    • ZAP
    • ZeroPath
  • Log in to the platform 
  • Home
  • Quick start
      • Billing
      • Integrations
      • Platform
      • Scanner
      • Ask our pentesters to explain a vulnerability
      • Fix code with gen AI from the IDE
      • See safe dependency versions
      • Import repositories to test
      • Invite team members to sign up
      • Billing for the Advanced plan
      • Continuous Hacking free trial, plans and pricing
      • Continuous Hacking methodology
      • Continuous Hacking PoV
      • CVSSF metric
      • Glossary
      • Main website
      • Platform demo
      • Tutorial videos
      • What is DAST?
      • What is SAST?
      • Assign vulnerability remediation to a team member
      • See details of the reported security vulnerabilities
    • Sign up to Fluid Attacks
      • Break the build
      • Install CI Gate to break the build
      • Verify whether a fix was successful
  • Find and fix
    • Access to your assets
      • Cloud
      • Connector
      • Egress
      • Set up an AWS IAM role
      • Summary of mechanisms used to access assets
      • Types of authentication used
      • Fix code automatically with gen AI
      • Get AI-generated guides for remediation
      • Contribute to enhancing the scanners
      • Fluid Attacks' scanners
      • Know and reproduce the scanner’s OWASP Benchmark results
      • Pentesters' tools
    • Machine
      • Configure and use Sorts on your own
      • Introduction to Fluid Attacks' AI tool
      • Accuracy SLA
      • Availability SLA
      • False negatives
      • False positives
      • Response SLA
      • Scope
      • Service-level agreement summary
        • 2023
        • 2024
        • 2025
        • 2026
      • Documentation sections
      • Roadmap
      • Supported AI functions
      • Supported attack surfaces
      • Supported binaries
      • Supported browsers
      • Supported CI/CD
      • Supported clouds
      • Supported CVEs for reachability analysis
      • Supported evidence formats
      • Supported frameworks
      • Supported IDE functionalities
      • Supported languages
      • Supported languages for vulnerability fixes
      • Supported package managers
      • Supported remediation
      • Supported SCM systems
      • Supported secrets
      • Supported standards
      • Supported ticketing systems
      • CVSS score adjustment
      • Find reachable dependency vulnerabilities
      • Vulnerability signature update
      • What is SCA?
      • APK scanner configuration file
      • DAST scanner configuration file
      • SAST scanner configuration file
      • SCA scanner configuration file
      • Scan with a configuration file
    • Use the Platform
        • Platform sections and header items
        • Sign-up and login authentication
        • Create and delete groups
        • Create another organization
        • Know your Groups section
        • Manage a group's configuration
        • Register payment information
        • See the target of evaluation's status and SBOM
        • Sort groups into portfolios
        • Invite contributing developers
        • Manage members
        • Manage your organization's authors
        • Understand roles
        • Import repositories fast and safely with OAuth
        • Manage environments
        • Manage repositories
        • Manage your credentials
        • Resolve events impeding tests
        • See retrieved repositories not yet added to any group
        • Analyze your supply chain security
        • Assign treatments
        • Correlate your threat model to vulnerabilities
        • Examine the evidence of exploitability
        • Request a vulnerability be dismissed as Zero Risk
        • See vulnerabilities assigned to you
        • See where vulnerabilities are and more details
        • Verify fixes with reattacks
        • Ask the AI Agent
        • Ask via chat
        • Post comments
        • Send Fluid Attacks an email
        • Talk to a Pentester
        • Watch certifiable tutorial videos or get a demo
        • Access recent downloads
        • Check your compliance with standards
        • View analytics common to orgs, groups and portfolios
        • Download a report of detected vulnerabilities
        • View analytics for the group level only
        • View analytics for the portfolio level only
        • Use analytics charts options
        • View and download logs
        • Accept vulnerabilities
        • Manage fix prioritization policies
        • Manage security gates
        • Prevent the deployment of builds with vulnerabilities
        • View details of the security of your builds
        • Enable and disable notifications
        • Explore the user menu
        • Leave group
        • Subscribe to news
      • Manage repositories
      • See vulnerabilities
      • Exclude findings from scan reports
      • Run scans locally
      • Understand the scanner output
      • Use standalone scanners
      • Use the scanners in CI/CD
  • Integrations
      • Local tools
      • Access Talk to a Pentester and help from Jira issues
      • Automate Jira issue creation
      • Create Jira issues for vulnerabilities
      • Go to vulnerability evidence and more from Jira issues
      • Install the Fluid Attacks app for Jira Cloud
      • Link vulnerabilities to Jira issues or unlink them
      • Request reattacks from Jira issues
      • Set up the Jira integration
      • Set up the Azure DevOps integration
      • Set up the GitLab integration
      • Install the VS Code extension
      • View vulnerable lines, use fix options and more
      • VS Code extension error and solution catalog
      • Identify and address vulnerabilities from IntelliJ
      • Install the IntelliJ plugin
      • Identify and address vulnerabilities from Cursor
      • Install the Cursor extension
      • AWS Marketplace integration
    • MCP server
      • Installation
      • Capabilities and use cases
      • Docker installation
      • Excluding files from analysis
      • Integrate with Azure DevOps Peer Reviewer Assistant
      • Integrate with GitLab Peer Reviewer Assistant
      • Troubleshooting
      • Introduction
      • Use the API
      • Learn the basics of the Fluid Attacks API
      • Things to know before using the API
  • Stack
      • Bash
      • Python
      • Terraform
      • TypeScript
      • Ariadne
      • Commitlint
      • Docker
      • ESLint
      • GraphQL
      • Hypercorn
      • Kubernetes
      • Labels
      • Mypy
      • Nix Flakes
      • Platform audit logs
      • Platform authentication
      • Platform authorization
      • Pydantic AI
      • React
      • Ruff
      • Sops
      • Starlette
      • Tree-sitter
      • Visual Studio Code
      • AWS
      • Batch
      • Bedrock
      • BigCodeBench
      • BugSnag
      • Checkly
      • Claude 3.5 Sonnet
      • Cloudflare
      • CloudWatch
      • Cost Management
      • Datadog
      • dbt
      • DynamoDB
      • EBS
      • EC2
      • EKS
      • ELB
      • Engineering metrics
      • ePayco
      • EventBridge
      • GitLab
      • GitLab CI
      • Google Workspace
      • IAM
      • Jamf
      • KMS
      • Lambda
      • LogRocket
      • Okta
      • OpenAI
      • OpenSearch
      • Organizations
      • QuickSight
      • S3
      • SageMaker
      • Snowflake
      • Statuspage
      • Step Functions
      • Stripe
      • Treli
      • Ubiquiti
      • Vanta
      • Voyage AI
      • VPC
      • VPN
      • Zoho One
      • Zoho Sign
  • Compliance
      • Clients
      • Password policies
      • Staff
      • Access revocation
      • Endpoint
      • Authorization for clients
      • Authorization for Fluid Attacks staff
      • Secret rotation
      • Secure employee termination
      • Session management
      • Distributed apps
      • Distributed firewall
      • Everything backed up
      • Multiple zones
      • Recovery objective
      • Device (re)enrolling
      • Direct hiring
      • Encryption at rest
      • Encryption in transit
      • No personal gain
      • Personnel NDA
      • Secure deletion
      • Awareness
      • Certification Hub
      • Certified cloud provider
      • Certified security analysts
      • Comprehensive reporting
      • Developing for integrity
      • Extensive hiring process
      • Monitoring
      • Production data not used for dev or test
      • Secure emails
      • Software Artifacts SLSA levels
      • Static website
      • Training plan
      • Everything as code
      • Extensive logs
      • Data privacy policy
      • Data policies
      • Email obfuscation
      • Employee time tracking software
      • Manual for the National Database Registry (NDR)
      • OTR messaging
      • Polygraph tests
      • Project pseudonymization
      • Retention
      • Secure delivery of sensitive data
      • Transparent use of cookies
      • Unsubscribe email
      • Continuity and recovery
      • Equipment and telecommuting
      • Everything is decentralized
      • Redundant roles
      • Complaint management
      • Data leakage policy
      • Ethics hotline
      • Help channel
      • Incident management
      • Information security responsibility
      • Open source
      • Quality policy
      • Status page
      • Testing our technology
      • Vulnerability releasing
  • Compare
    • 42Crunch
    • 7 Way Security
    • Aikido
    • Anvil Secure
    • Apiiro
    • AppCheck
    • Appdome
    • Appknox
    • Aqua
    • ArmorCode
    • Arnica
    • Astra
    • Base4
    • Bishop Fox
    • Black Duck
    • Black Hills
    • Breachlock
    • Bright Security
    • Burp Suite
    • Checkmarx
    • CloudGuard
    • Cobalt
    • Codacy
    • Conviso
    • Cure53
    • Cycode
    • Cyver
    • Data Theorem
    • DataDog
    • DeepSource
    • DefectDojo
    • Detectify
    • Devel
    • Dryrun Security
    • Dynatrace
    • Edgescan
    • Endor Labs
    • Escape
    • Evolve Security
    • Faraday Security
    • FortiDevSec
    • Fortify
    • GitHub Advanced Security
    • GitLab Ultimate
    • GuardRails
    • HackerOne
    • Hackmetrix
    • Hadrian
    • HCL AppScan
    • Heeler
    • Hopper Security
    • ImmuniWeb
    • Inspectiv
    • Intigriti
    • Intruder
    • Invicti
    • JFrog
    • Jit
    • Kiuwan
    • Legit Security
    • Mandiant
    • Mend
    • Mindgard
    • Moderne
    • NetSPI
    • NowSecure
    • Nucleus Security
    • Oligo Security
    • Orca Security
    • Oversecured
    • OX Security
    • Phoenix Security
    • PlexTrac
    • Praetorian
    • Prancer
    • Prisma Cloud
    • Probely
    • Prowler
    • ReversingLabs
    • RunSybil
    • Safety
    • Securitum
    • Seemplicity
    • Semgrep
    • Snyk
    • Socket
    • SonarQube
    • Sonatype
    • SOOS
    • StackHawk
    • Strike
    • Synacktiv
    • Tenable Nessus
    • ThreatModeler
    • Veracode
    • White Jaguars
    • Wiz
    • Xygeni
    • ZAP
    • ZeroPath
  • Log in to the platform 
Quick startVerify FixesVerify whether a fix was successful

Verify whether a fix was successful

As part of vulnerability management, you should reassess the code after a fix attempt. This is because a fix can introduce further vulnerabilities or be no fix at all for the original vulnerability.

Read the section Fix your code  to understand how Fluid Attacks can help you successfully address vulnerabilities. When you have applied your fix, follow the steps on this page.

At Fluid Attacks, reassessments are called “reattacks.” Do the following to request automated reattacks by the tool or manual reattacks by Fluid Attacks’ team of pentesters:

  1. Enter the group where the vulnerability you want to reattack was reported and go to the Scope section.

    Open the Scope section in the Fluid Attacks platform

  2. Click on the Update button to clone the latest version of the repository. This is to submit the version that contains the fixed code for testing.

    Clone updated version of a repository on the Fluid Attacks platform

    Check the Status value of the repository. When the status is ‘Cloned’, you can move on to step 3.

    Tip

    Repos are cloned  when you use this option and every two hours on workdays.

  3. In the Vulnerabilities section, click on the name of the weakness you wish to reattack.

    Select type of vulnerability to reattack on the Fluid Attacks platform

  4. Select the path where you have already effectuated a fix and click Reattack.

    Request a reattack on the Fluid Attacks platform

  5. In the pop-up window, click Confirm, acknowledging that you have synced the fixed version to the platform.

    Reattack a finding by the Fluid Attacks scanner

    If you have the Advanced plan, and the vulnerability was reported by the team of pentesters, you instead have to describe the applied fix and click Confirm.

    Fill out the reattack request form on the Fluid Attacks platform

When you select multiple vulnerabilities and some of them cannot be reattacked, the reason is shown to you in the pop-up window before you proceed. The reason may be that the request has already been made, the location is already marked ‘Safe’, reattacks are on hold, or the reattack requires a plan upgrade.

See unavailable reattacks on the Fluid Attacks platform

If the vulnerability is still present, you will get a comment informing you of this in the Comments section of the weakness. In the Locations table, the reattacked vulnerability will show the value Verified (vulnerable) in the Reattack column.

As a security measure, you can use Fluid Attacks’ CI Gate to break the build  if vulnerabilities with specific attributes are present in it.

Tip

Still no luck fixing your code? Try GenAI help .

Last updated on February 14, 2026
Install CI Gate to break the buildFind and fix
Fluid Attacks 2026. All rights reserved.