Faraday

Category: ASPM
License: Freemium (Free Community Edition, paid plans available)
Suphi Cankurt
AppSec Enthusiast
Updated February 7, 2026

Faraday is an open-source vulnerability management platform with 6.2k GitHub stars and 1k forks. It orchestrates 80+ security tools, normalizes their output, and deduplicates findings into a single management interface.

[Image: Faraday vulnerability management dashboard showing centralized security findings]

The company behind Faraday, Infobyte, has been around since 2004 and is headquartered in Miami, with a research lab in Buenos Aires. Customers include Accenture, Volkswagen, Telefonica, Santander, BBVA, HSBC, KPMG, Lufthansa, AT&T, and Vercel.

GitHub: infobyte/faraday | Latest Release: v5.19.0 (January 2026)

What is Faraday?

Faraday started as a tool for penetration testers who needed a single place to collect results from multiple scanners. It has since grown into a vulnerability management platform used by security operations teams, red teams, and managed security service providers.

80+ tool integrations
Normalizes output from vulnerability scanners, DAST/SAST tools, network scanners, and pentesting frameworks. Data is deduplicated automatically across tools.
Agents Dispatcher
Lightweight remote agents run scheduled or triggered scans across distributed environments. Results flow back to the central Faraday instance automatically.
Open source core
GPL-3.0 licensed with 46+ contributors and 103 releases. Self-host via Docker, PyPI, or binary packages. REST API for full automation.

Key features

Tool integrations

Faraday normalizes data from 80+ security tools:

Category | Tools
Vulnerability scanners | Nessus, OpenVAS, Qualys
SAST/DAST | OWASP ZAP, Burp Suite, Semgrep
Network | Nmap, Masscan
Pentesting | Metasploit, Nuclei
Cloud/containers | Trivy, AWS tools

All findings get normalized into a common format with automatic deduplication.
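
To make normalization and deduplication concrete, the following added example (not Faraday's code) maps two constructed, simplified scanner outputs into one record shape and merges duplicates. The record fields, the (ip, port, reference) match key, and the default severity for Nmap results are assumptions for illustration; this page does not describe Faraday's own matching rules.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed, simplified inputs. Record shape and match key are assumptions, not Faraday's.
NMAP_XML = """<nmaprun><host><address addr="10.0.0.5"/><ports>
<port portid="443"><script id="ssl-heartbleed" output="VULNERABLE: CVE-2014-0160"/></port>
<port portid="80"><script id="http-slowloris-check" output="VULNERABLE: CVE-2007-6750"/></port>
</ports></host></nmaprun>"""
NUCLEI_JSONL = "\n".join(json.dumps(r) for r in [
    {"ip": "10.0.0.5", "port": "443", "info": {"name": "OpenSSL Heartbleed",
     "severity": "high", "classification": {"cve-id": ["cve-2014-0160"]}}},
    {"ip": "10.0.0.9", "port": "22", "info": {"name": "Weak SSH ciphers",
     "severity": "low", "classification": {"cve-id": []}}},
])

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.I)

def from_nmap(xml_text):
    """One record per CVE named in script output; 'medium' is an assumed default severity."""
    for host in ET.fromstring(xml_text).iter("host"):
        ip = host.find("address").get("addr")
        for port in host.iter("port"):
            for script in port.iter("script"):
                for cve in CVE_RE.findall(script.get("output", "")):
                    yield {"ip": ip, "port": int(port.get("portid")),
                           "ref": cve.upper(), "severity": "medium", "source": "nmap"}

def from_nuclei(jsonl_text):
    """Use CVE ids as the reference; fall back to the finding name when none is given."""
    for rec in map(json.loads, jsonl_text.splitlines()):
        info = rec["info"]
        refs = info["classification"]["cve-id"] or [info["name"]]
        for ref in refs:
            yield {"ip": rec["ip"], "port": int(rec["port"]),
                   "ref": ref.upper(), "severity": info["severity"], "source": "nuclei"}

def deduplicate(findings):
    """Merge records sharing (ip, port, ref); keep the highest severity and every source."""
    merged = {}
    for f in findings:
        key = (f["ip"], f["port"], f["ref"])
        cur = merged.setdefault(key, {"severity": f["severity"], "sources": set()})
        cur["sources"].add(f["source"])
        cur["severity"] = max(cur["severity"], f["severity"], key=SEVERITY_RANK.get)
    return merged

def run_example():
    return deduplicate([*from_nmap(NMAP_XML), *from_nuclei(NUCLEI_JSONL)])
```

Four raw records collapse to three findings: the Heartbleed result reported by both tools becomes one entry that keeps the higher severity and lists both sources.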

[Image: Faraday unified vulnerability view with normalized findings across tools]

Agents Dispatcher

For large or distributed environments, Agents Dispatcher runs remote scans without installing the full Faraday stack on every machine:

  • Lightweight agents for scheduled or on-demand scanning
  • Horizontal scaling across multiple environments
  • Automatic result import back to the central instance
  • Works with any supported scanner

[Image: Faraday platform overview showing security tool orchestration]

Offensive security focus
Unlike most ASPM tools that focus on development pipeline security, Faraday comes from the offensive security world. It’s built for pentesting teams, red teams, and vulnerability assessors who need to manage findings from hands-on security testing alongside automated scanning.

Ticketing integration

System | Integration type
Jira | Direct ticket sync with bidirectional updates
ServiceNow | Vulnerability ticket creation
GitLab | Issue creation from findings
SolarWinds | Integration available

Additional products

Beyond the open-source core, Faraday offers several commercial products:

Product | What it does
Faraday Enrichment | Smart scoring that prioritizes vulnerabilities using contextual data
Faraday CART | Continuous automated attack testing
Faraday OPS | External attack surface mapping and monitoring
Faraday Labs | Offensive security research services
Red Team Services | Application, network, hardware, and physical security assessments

[Image: Faraday actionable insights dashboard with vulnerability prioritization]

Authentication and deployment

Feature | Options
Authentication | 2FA, LDAP, SAML
Deployment | Cloud or on-premises
API | RESTful API for automation
CLI | faraday-cli for terminal workflows

[Image: Faraday how it works showing the scanning and remediation workflow]

Integrations

Vulnerability scanners: Nessus, OpenVAS, Qualys
Security testing: OWASP ZAP, Burp Suite, Metasploit, Nuclei, Semgrep
Ticketing: Jira, ServiceNow, GitLab

Getting started

1. Install via Docker: run docker compose up -d from the Faraday repository. The web UI launches on port 5985 with PostgreSQL as the backend.
2. Connect your scanners: import results manually through the web UI, use Agents Dispatcher for remote automated scanning, or push results via the REST API.
3. Review and deduplicate: Faraday normalizes findings across all connected tools and removes duplicates. Group findings by severity, host, or service.
4. Route to ticketing: connect Jira, ServiceNow, or GitLab to create tickets from findings. Track remediation status from inside Faraday.

CLI usage

# Install Faraday CLI
pip install faraday-cli

# Connect to your Faraday instance
faraday-cli auth -f https://your-faraday-instance -u admin

# Import scan results
faraday-cli tool report /path/to/nessus-report.nessus -w my-workspace

# List vulnerabilities
faraday-cli vuln list -w my-workspace --severity critical

When to use Faraday

Faraday is the go-to choice for offensive security teams, pentesting firms, and MSSPs that need centralized vulnerability management from hands-on testing alongside automated scanning. Its roots in the pentesting world show — the interface and workflows are designed around how security assessors actually work.

Best for
Penetration testing teams, red teams, and MSSPs that need to aggregate findings from 80+ security tools with remote scanning agents and ticketing integration.

If your focus is purely on development pipeline security (SAST/SCA in CI/CD), tools like DefectDojo or Jit are a better fit. Faraday shines when offensive security testing is a big part of your program.

Frequently Asked Questions

What is Faraday?
Faraday is an open-source vulnerability management platform with 6.2k GitHub stars that orchestrates 80+ security tools. It normalizes and deduplicates findings from vulnerability scanners, pentesting tools, and network scanners into a unified management interface.
Is Faraday free?
Faraday’s community edition is free and open-source under GPL-3.0. The company also offers paid products including Faraday Enrichment for smart vulnerability scoring, Faraday CART for continuous automated testing, and Faraday OPS for external attack surface mapping.
What tools does Faraday integrate with?
Faraday supports 80+ tools including Nessus, OpenVAS, Qualys for vulnerability scanning, OWASP ZAP and Burp Suite for DAST, Nmap and Masscan for network scanning, Metasploit and Nuclei for pentesting, and Semgrep for SAST.
How do I install Faraday?
The quickest method is Docker Compose. Faraday also supports installation via PyPI (pip install faradaysec), binary packages for Debian/RPM, and source installation. The platform uses PostgreSQL as its database backend and exposes a web interface on port 5985.
What is Faraday Agents Dispatcher?
Agents Dispatcher enables remote scanning by deploying lightweight agents that run scheduled or triggered scans across distributed environments. Results are imported into the central Faraday instance automatically, allowing horizontal scaling for large infrastructure.

Complement with SAST

Pair posture management with static analysis for broader coverage.
