What is fafnir?

fafnir-sec is a free, open-source application security posture management (ASPM) tool for detecting vulnerabilities in the software supply chain.

It orchestrates other open-source tools to detect vulnerabilities in the application code and in the build and deploy process.

How does fafnir work?

fafnir-sec pulls the official Docker image of each security tool it uses, and runs those images to analyze the project and detect vulnerabilities.

First, fafnir-sec inspects the programming languages, technologies and configuration files present in the project to choose the security tools that fit it best.

Then it runs those security tools from their official Docker images to detect vulnerabilities across SAST, SCA, container analysis, secrets, IaC and so on.

Finally, fafnir-sec groups all the findings and reports them in a single, standard format.
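The pipeline described above (stack detection, tool selection, Docker invocation and a single unified report), as an added Python example that is not fafnir-sec's own code. The marker table, scanner image names, raw report shapes and helper functions are all hypothetical, and the sample checkout is constructed in a temporary directory.

```python
from pathlib import Path
import tempfile

# Hypothetical marker -> (category, image) table; fafnir-sec's real table is not on the page.
MARKERS = {
    "package.json": ("sca", "example/sca-scanner:1.0"),
    "requirements.txt": ("sca", "example/sca-scanner:1.0"),
    "Dockerfile": ("container", "example/container-scanner:1.0"),
    ".tf": ("iac", "example/iac-scanner:1.0"),
    ".py": ("sast", "example/sast-scanner:1.0"),
}
SECRETS = ("secrets", "example/secrets-scanner:1.0")  # a secrets scan applies to every repo


def select_tools(repo):
    """Walk the checkout and pick the scanner images needed for the detected stack."""
    chosen = {SECRETS}
    for path in Path(repo).rglob("*"):
        if path.is_file():
            key = path.name if path.name in MARKERS else path.suffix
            if key in MARKERS:
                chosen.add(MARKERS[key])
    return sorted(chosen)


def docker_command(image, repo):
    """Build the command that runs a scanner image read-only against the checkout (not executed here)."""
    return ["docker", "run", "--rm", "-v", f"{Path(repo).resolve()}:/src:ro", image, "/src"]


def normalize(reports):
    """Merge heterogeneous raw tool outputs into one finding schema, deduplicated by (rule, location).
    Two hypothetical raw shapes are handled: a flat 'vulnerabilities' list and a nested 'results' list."""
    merged = {}
    for category, tool, raw in reports:
        if "vulnerabilities" in raw:  # flat: {"id", "file", "severity"}
            items = [(v["id"], v["file"], v["severity"]) for v in raw["vulnerabilities"]]
        else:  # nested: {"results": [{"target", "issues": [{"id", "severity"}]}]}
            items = [(i["id"], r["target"], i["severity"]) for r in raw["results"] for i in r["issues"]]
        for rule, loc, sev in items:
            f = merged.setdefault((rule, loc), {"rule": rule, "location": loc, "severity": sev.upper(),
                                               "categories": set(), "tools": set()})
            f["categories"].add(category)  # the same finding seen by several tools is reported once
            f["tools"].add(tool)
    return sorted(merged.values(), key=lambda f: (f["location"], f["rule"]))


def make_sample_repo():
    """Constructed sample checkout (Python app, pinned deps, Dockerfile, Terraform) for select_tools."""
    repo = Path(tempfile.mkdtemp())
    for name in ("app.py", "requirements.txt", "Dockerfile", "infra/main.tf"):
        (repo / name).parent.mkdir(parents=True, exist_ok=True)
        (repo / name).write_text("# constructed sample\n")
    return repo
```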