Fluid Attacks SAST

Fluid Attacks SAST is a static application security testing tool that performs automated vulnerability scanning of source code. The tool integrates with Git repositories hosted on GitLab, GitHub, Azure, and Bitbucket through OAuth authentication, with setup taking less than 10 minutes. The platform provides continuous vulnerability scanning throughout the software development lifecycle (SDLC) and delivers detailed reports through a vulnerability management platform. It supports multiple programming languages including Python, Java, Go, JavaScript, TypeScript, PHP, Ruby, Scala, C#, Dart, Kotlin, and Swift. The tool analyzes infrastructure as code (IaC) and configuration files for Terraform, ARM, Docker Compose, CloudFormation, Helm, and Kubernetes. It supports API protocols including REST, GraphQL, WebSockets, gRPC, Webhooks, and SOAP. Cloud platforms covered include AWS, Azure, and GCP. Fluid Attacks SAST integrates with CI/CD pipelines and can break builds to prevent unsafe deployments. The platform includes IDE plugins for vulnerability management directly within development environments. It uses generative AI to provide remediation suggestions for identified vulnerabilities. The tool checks compliance against multiple security standards and frameworks. It combines SAST with other testing techniques including AI SAST, SCA, DAST, CSPM, SCR, PTaaS, and RE as part of a broader continuous hacking approach.