Forces Install

You can use forces on any operating system that Python can run on, you can see the status of the package in Pypi. You can also integrate forces into your CI/CD to ensure that your software is built and shipped without previously reported vulnerabilities in integrates.


  1. Make sure you own an integrates API token. Follow this guide to generate it.

  2. Make sure your execution environment has the required dependencies:

    • git

    • Python 3.8

    • pip

  3. Install forces by running the following command:

    • Windows: python -m pip install forces.

    • Linux and Mac OS: python3.8 -m pip install -U forces.

  4. You can also make use of the Docker image docker pull fluidattacks/forces:new.

  5. Be sure to use forces within a git repository.


  • --token: Your token for integrates API [required].

  • --dynamic / --static Run only DAST / SAST vulnerabilities.

  • -verbose <number>: Declare the level of detail of the report (default 3)

    • 1:It only shows the number of open, closed and accepted vulnerabilities.

    • 2: Only show open vulnerabilities.

    • 3: Show open and closed vulnerabilities.

    • 4: Show open, closed and accepted vulnerabilities.

    • You can use -v, -vv, -vvv, -vvvv instead of --verbose.

  • --strict / --lax: Run forces in strict mode (default --lax).

  • --repo-path: Git repository path (optional)


In your local environment you execute: forces --token <your-token>. You can also use the Docker image: docker run --rm fluidattacks/forces:new forces --token <your-token>.

Use in some CI\CD

in GitLab,
add these three lines to your .gitlab-ci.yml:

    name: fluidattacks/forces:new
    entrypoint: [""]
    - forces --token <your-token> --strict

in `Azure DevOps`add these lines to you configuration file:

  - forces:
    container: fluidattacks/forces:new
    - bash: forces --token <your-token>

in Jenkins, the configuration file should look like this:

pipeline {
  agent {
    label 'label'
  environment {
    TOKEN = "test"
  stages {
    stage('Forces') {
      steps {
        script {
          sh """
            docker pull fluidattacks/forces:new
            docker run fluidattacks/forces:new --token ${TOKEN}

Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.