You can use DevSeCops agent on any OS that Docker can run on.
You can also integrate DevSecOps agent into your
CI/CD to ensure that your software
is built and shipped without previously reported vulnerabilities in our
Make sure you own an DevSecOps agent token. Follow this link: https://announcekit.app/dashboard/post/144137 to generate it.
Make sure your execution environment has the required dependencies:
Install docker by following official guide:
Having Docker installed, pull image:
docker pull fluidattacks/forces:new.
--token: Your DevSecOps agent token [required].
--dynamic / --static Run only DAST / SAST vulnerabilities. (optional)
--verbose <number>: Declare the level of detail of the report (default 3)
1:It only shows the number of open, closed and accepted vulnerabilities.
2: Only show open vulnerabilities.
3: Show open and closed vulnerabilities.
4: Show open, closed and accepted vulnerabilities.
You can use
-vvvv instead of
--strict / --lax: Run forces in strict mode (default
--repo-path: Git repository path (optional)
Run the Docker image:
all vulnerabilities including static and dynamic
docker run --rm fluidattacks/forces:new forces --token <your-token>.
To check only
docker run --rm fluidattacks/forces:new forces --static --strict --token <your-token>.
To check only
docker run --rm fluidattacks/forces:new forces --dynamic --strict --token <your-token>.