Support Matrix
Supported Scanners
Scanner |
Description |
---|---|
SAST |
Scans the source code of an application during development to minimize zero-day vulnerabilities. The application languages supported for SAST are Shell, Java, Ruby on Rails, Python, Golang, PHP, JavaScript, C and C++. |
SCA |
Scans for vulnerabilities in the open-source libraries/components used by the application. The programming languages supported by the SCA scanner are Java, Javascript, Ruby, Python, Golang, and PHP. |
Secret |
Scans to detect certificates and other secrets committed into Git. |
IaC |
Scans your IaC configuration files for Terraform, Ansible, AWS Cloud Formation, and Kubernetes, to identify potential vulnerabilities. |
Container |
Scans container components to identify potential vulnerabilities. |
DAST |
Scans a deployed application at runtime to detect vulnerabilities. The DAST scanner supports scanning of assets/targets hosted on both the internal network of an organization and the external/public network. The DAST scanner allows you to configure a full or a quick scan using the FortiPenTest, for more information see FortiPenTest Scanner.
Note:
|
Supported CI/CD Pipeline Tools
Support for the following CI/CD tools is available. For more information, see Running the Security Scan
- AWS CodePipeline
- Azure DevOps
- Bamboo
- CircleCI
- Drone CI
- GCP Cloud Build
- GitHub Actions
- GitLab
- Jenkins
- Travis CI