Support Matrix

Supported Scanners

Scanner

Description

SAST

Scans the source code of an application during development to minimize zero-day vulnerabilities. The application languages supported for SAST are Shell, Java, Ruby on Rails, Python, Golang, PHP, JavaScript/NodeJS, C, C++, C# .Net, and TypeScript.

SCA

Scans for vulnerabilities in the open-source libraries/components used by the application. The programming languages supported by the SCA scanner are Java, JavaScript, Ruby, Python, Golang, C# .Net and PHP. SCA supports scanning multiple Git repositories within the same directory.

Also, SCA scans for Outbreak Alerts and Supply Chain Attacks identified by FortiGuard Labs Threat Research.

Secret

Scans for hard-coded secrets such as passwords, API keys, and tokens in Git repository commits. See FortiDevSec Secret Scanner.

IaC

Scans your IaC configuration files for Terraform, CloudFormation, Docker and Kubernetes to detect configuration issues.

Container

Scans container components to identify potential vulnerabilities.

DAST

Scans a deployed application at runtime to detect vulnerabilities. The DAST scanner supports scanning of assets/targets hosted on both the internal network of an organization and the external/public network using the FortiDAST proxy server. See FortiDAST Proxy Server.

The DAST scanner allows you to configure a full or a quick scan using FortiDAST; for more information, see FortiDAST Scanner.

  • Quick scan: A quick scan is a fast scanning mode that provides a vulnerability assessment based on limited testing/scraping of the static pages of your asset. These pages are scraped by searching for and extracting URLs from HTML tags and attributes.

  • Full scan: A full scan provides a vulnerability assessment based on complete testing/scraping of the static and dynamic pages of your asset. The crawler also simulates browsing, such as clicking buttons, links, and images, to test the interaction between the dynamic pages and the browser. This mode of vulnerability assessment takes longer than a quick scan.
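To make the difference between the two scan modes concrete, the following added example (not code from the FortiDevSec or FortiDAST product, and not a description of how FortiDAST itself is implemented) reproduces the quick-scan discovery step in miniature: it walks a page's HTML tags and pulls URLs out of URL-bearing attributes, keeps only those on the asset's own host, and then reports which URLs a browser-simulating crawl (represented here by a constructed list of runtime-discovered URLs) would reach that static scraping cannot. The sample HTML, the base URL `https://app.example.test/`, the attribute set `URL_ATTRS` and the function names are all assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attributes that commonly carry URLs in static HTML. This list is an
# assumption for the example, not the attribute set any product uses.
URL_ATTRS = {"href", "src", "action", "data-src", "formaction"}


class StaticLinkExtractor(HTMLParser):
    """Collects absolute URLs from tag attributes, the way a static
    (quick-scan style) scrape sees a page: no JavaScript is executed."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.found = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                # Resolve relative paths against the page URL.
                self.found.add(urljoin(self.base_url, value.strip()))


def extract_static_urls(html, base_url):
    """Return the set of URLs discoverable from tags/attributes alone."""
    parser = StaticLinkExtractor(base_url)
    parser.feed(html)
    parser.close()
    return parser.found


def in_scope(urls, base_url):
    """Keep only URLs on the asset's own host, sorted for stable output.
    'javascript:' and 'mailto:' pseudo-URLs have no host and drop out."""
    host = urlparse(base_url).netloc
    return sorted(u for u in urls if urlparse(u).netloc == host)


def coverage_gap(static_urls, runtime_urls):
    """URLs that only a browser-simulating (full-scan style) crawl reached."""
    return sorted(set(runtime_urls) - set(static_urls))


# Constructed sample page: one link lives only inside an onclick handler,
# so a static scrape cannot see it.
BASE_URL = "https://app.example.test/"
SAMPLE_HTML = """
<html><body>
  <a href="/about">About</a>
  <a href="https://cdn.example.net/lib.js">external script</a>
  <img src="/static/logo.png" alt="logo">
  <form action="/login" method="post"><input name="user"></form>
  <button onclick="window.location='/reports/export'">Export</button>
  <a href="javascript:void(0)">no-op link</a>
</body></html>
"""

# Constructed list standing in for what clicking through the page finds.
RUNTIME_URLS = [
    "https://app.example.test/about",
    "https://app.example.test/login",
    "https://app.example.test/reports/export",
]


def quick_scan_scope():
    return in_scope(extract_static_urls(SAMPLE_HTML, BASE_URL), BASE_URL)


def full_scan_only():
    return coverage_gap(quick_scan_scope(), RUNTIME_URLS)


if __name__ == "__main__":
    print("Reachable by static scraping:")
    for u in quick_scan_scope():
        print("  ", u)
    print("Reached only by browsing simulation:")
    for u in full_scan_only():
        print("  ", u)
```

Running it shows `/about`, `/login` and `/static/logo.png` as the static surface, while `/reports/export` appears only in the gap list: a page whose navigation is driven by script handlers is exactly the case where the longer full scan earns its extra runtime, because the quick scan's assessment stops at what the markup itself exposes.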

Supported CI/CD Pipeline Tools

Support for the following CI/CD tools is available. For more information, see Running the Security Scan.

  • AWS CodePipeline
  • Azure DevOps
  • Bamboo
  • CircleCI
  • Drone CI
  • GCP Cloud Build
  • GitHub Actions
  • GitLab
  • Jenkins
  • Travis CI
  • Bitbucket
  • JFrog (for GitLab and GitHub projects)