Getting Started
Faraday is a collaborative vulnerability management platform that centralizes security findings from 120+ tools into a single workspace. Whether you run scans manually, automate them with agents, or integrate via CI/CD pipelines, Faraday gives your team a unified view of your security posture.
Quick Overview
```
┌─────────────────────────────────────────────────────────┐
│                      Data Sources                       │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐  ┌─────────┐  │
│  │  Manual  │  │  Report  │  │ Faraday  │  │  REST   │  │
│  │  Scans   │  │  Upload  │  │  Agents  │  │  API    │  │
│  └─────┬────┘  └─────┬────┘  └─────┬────┘  └────┬────┘  │
└────────┼─────────────┼─────────────┼────────────┼───────┘
         │             │             │            │
         └──────────┬──┴─────────────┴────────────┘
                    ▼
           ┌─────────────────┐
           │ Faraday Server  │
           │  (Flask + API)  │
           └────────┬────────┘
                    ▼
           ┌─────────────────┐
           │   Workspaces    │
           │ ┌─────────────┐ │
           │ │   Assets    │ │
           │ │  Services   │ │
           │ │    Vulns    │ │
           │ └─────────────┘ │
           └────────┬────────┘
                    ▼
     ┌──────────────┴───────────────┐
     │     Analysis & Reporting     │
     │  Dashboard · Reports · API   │
     │  Jira · GitLab · ServiceNow  │
     └──────────────────────────────┘
```
Choose Your Path
I want to try Faraday quickly
- Install via Docker Compose — the fastest path to a running instance:
  ```bash
  curl -O https://raw.githubusercontent.com/infobyte/faraday/master/docker-compose.yaml
  docker compose up -d
  ```
- Log in at http://localhost:5985
- Follow the First Steps guide to create a workspace and import your first scan
I want to set up Faraday for my team
- Choose an installation method from the Installation Guide:
  - Docker Compose (recommended for production)
  - Ubuntu / Debian / Kali
  - RHEL 8+ / CentOS / Rocky
  - Community Edition (pip)
- Configure NGINX and TLS using the Advanced Install Guide for production-grade deployments
- Create user accounts and assign roles (admin, pentester, asset owner, client)
- Set up integrations with your ticketing system (Jira, GitLab, ServiceNow, Web Help Desk, ServiceDesk)
I want to automate scanning
- Install the Faraday CLI to run tools and import results from the command line
- Set up Faraday Agents to run scheduled scans with tools like Nmap, Nessus, Nuclei, and more
- Integrate with CI/CD to scan automatically on every deployment
I want to integrate via API
- Generate an API token — see API Token
- Explore the API — see the Interactive API Reference (Swagger UI)
- Build your integration using the REST API to create hosts, services, and vulnerabilities programmatically
Integrating Faraday in Your Workflow
Supported Tools
Faraday processes output from 120+ security tools. See the full Supported Plugins list. Popular tools include:
| Category | Tools |
|---|---|
| Network Scanning | Nmap, Nessus, OpenVAS, Nexpose, Qualys |
| Web Application | Burp Suite, OWASP ZAP, Acunetix, Nikto, Arachni |
| Static Analysis | Bandit, SonarQube, Checkmarx, Fortify |
| Cloud Security | AWS Inspector, Prowler, ScoutSuite |
| Container Security | Trivy, Docker Bench |
| Dynamic Testing | Nuclei, SQLMap, Dirsearch, WPScan |
Data Import Methods
| Method | Use Case | How |
|---|---|---|
| Web UI Upload | One-off report imports | Drag-and-drop in the Vulnerabilities view |
| Faraday CLI | Terminal-based workflow | `faraday-cli report <file>` or `faraday-cli tool run "<command>"` |
| Agents | Scheduled / remote scans | Configure executors via the web UI |
| REST API | Programmatic integration | `POST /ws/<name>/upload_report` or `POST /ws/<name>/bulk_create` |
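
As an added example (not code from the Faraday project), the sketch below builds the `POST /ws/<name>/bulk_create` request from the table without sending it, and refuses to put the API token on cleartext HTTP unless the target is the local quick-start instance. The `/_api/v3` prefix, the `Bearer` header scheme, the payload field names and the `FARADAY_*` environment variable names are assumptions; check them against the Interactive API Reference of your instance.

```python
import json
import os
import urllib.parse
import urllib.request

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def build_bulk_create(base_url, workspace, payload, token, auth_scheme="Bearer"):
    """Build (but do not send) the POST /ws/<name>/bulk_create request."""
    parts = urllib.parse.urlsplit(base_url)
    # The API token is a bearer secret: allow cleartext HTTP only to the
    # local quick-start instance, require TLS everywhere else.
    if parts.scheme != "https" and parts.hostname not in LOOPBACK:
        raise ValueError("refusing to send an API token over cleartext HTTP")
    if not token or workspace in ("", ".", ".."):
        raise ValueError("token and a valid workspace name are required")
    # Percent-encode the name so characters such as '/' or '?' stay inside
    # the <name> path segment instead of changing the endpoint.
    path = "/ws/" + urllib.parse.quote(workspace, safe="") + "/bulk_create"
    return urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"{auth_scheme} {token}"},
    )


def sample_payload():
    """Constructed sample data; field names are assumptions, not a schema."""
    finding = {"name": "Expired TLS certificate", "severity": "medium",
               "desc": "Constructed example finding", "type": "Vulnerability"}
    service = {"name": "https", "port": 443, "protocol": "tcp",
               "vulnerabilities": [finding]}
    host = {"ip": "192.0.2.10", "description": "Constructed example host",
            "services": [service]}
    return {"hosts": [host]}


if __name__ == "__main__":
    request = build_bulk_create(
        os.environ.get("FARADAY_URL", "http://localhost:5985/_api/v3"),
        os.environ.get("FARADAY_WORKSPACE", "demo"),
        sample_payload(),
        os.environ.get("FARADAY_TOKEN", "PLACEHOLDER_TOKEN"),
    )
    print(request.get_method(), request.full_url)
    # Send with urllib.request.urlopen(request) once the assumptions are verified.
```

Reading the token from the environment keeps it out of shell history and source control, which matters most when the same script later runs in a CI/CD job.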
CI/CD Integration
Integrate Faraday into your deployment pipeline to scan automatically:
- GitHub Actions — Use Faraday CLI in your workflow steps
- GitLab CI/CD — Import results as a pipeline job
- Jenkins — Run tools and push results via CLI or API
Resources
| Resource | Link |
|---|---|
| Documentation | docs.faradaysec.com |
| Faraday CLI Docs | docs.faraday-cli.faradaysec.com |
| Agent Dispatcher Docs | docs.agents.faradaysec.com |
| GitHub (Community) | github.com/infobyte/faraday |
| Issue Tracker | GitHub Issues |
| Support (Commercial) | support.faradaysec.com |