Skip to content
Fluid Attacks Development Portal

Introduction

Who we are

We are the engineering team at Fluid Attacks.

Beliefs

Diversity

We are a diverse team of people from different backgrounds, cultures, and perspectives. We believe that diversity is the key to innovation.

Horizontal

We maintain a horizontal team where all members are developers that solve problems. We think this empowers everyone to make decisions and take ownership of the work we do.

Open Source

We believe in the power of open source and we are committed to sharing our work with the world. We think that open source is the best way to build a more secure world.

Asynchronous

We think in asynchronous work and make sure that everyone can do their work at their own pace, with the minimum synchronous dependencies. This allows us to be more productive and to have a better work-life balance.

Simplicity

We believe in simplicity and strive to keep our code and our processes as simple as possible. We think that simplicity is the key to maintainability.

Trust

We are committed to building trust with our customers and with the community at large by publishing our work and being transparent about our processes.

What we do

Our main responsibilities are:

  • Build and maintain all of Fluid Attacks’ components.
  • Look for state of the art technologies to improve our stack.
  • Optimize the development process of the company.
  • Help design a seamless experience for Fluid Attacks’ Continuous Hacking solution.

Our source code is versioned in the Universe repository and is divided across many components. We also have a GitHub account where we publish projects that are more oriented towards the community and less coupled to our model of business.

This documentation focuses on the Universe repository.

Code Quality

Maintainability Rating

Technical Debt

codecov

Total lines

Code Style

Languages Count Badge

DevOps

Last 30 days deployments

Last 24 hours deployments

Daily Deployment Frequency

Change Failure Rate

Mean Time to Repair

Avg deployment time

Security

OpenSSF Best Practices

Security Rating

Security Scorecard

License: MPL 2.0

Our components

ComponentDescriptionSoftware Billing Of Materials (SBOM)
AirsHome page, live at fluidattacks.comLink
CommonOwner of critical, or company-wide infrastructure and resourcesLink
IntegratesThe platform that orchestrates Fluid Attacks’ core services and its front-ends: Web, API, VSCode Extension and DevSecOps AgentLink
SkimsSecurity Vulnerability ScannerLink
SortsUsing AI, sorts the list of files in a git repository by their probability of having vulnerabilitiesLink
ObservesCompany-wide data analyticsLink

Our users

Below you will find our most typical users.

End users

They don’t contribute code, but instead just interact with our components.

They are usually:

  • Security Analysts of Fluid Attacks: They usually use Skims, Sorts and the platform (Integrates), among others.
  • Customers of Fluid Attacks: They usually use the platform (Integrates), the DevSecOps Agent (Sorts), read our blog (Airs) and public documentation.
  • Community users: They usually use tools like Skims in its Free and Open Source plan.

Developers

Fluid Attacks’ developers that contribute source code to Universe. They also sometimes contribute to our projects on GitHub.