Scanner Selection
Choose the right scanners for your security analysis needs.
Scanner Selection Strategy
Different scanners find different vulnerabilities. The best approach combines multiple scanner types for comprehensive coverage.
Scanner Types
| Type | Finds | Examples |
|---|---|---|
| Static Analysis | Known patterns, code smells | Slither, Aderyn, SolidityDefend |
| Fuzzing | Edge cases, runtime bugs | Echidna, Medusa |
| Symbolic Execution | Reachable assertion violations, bounded proofs of properties | Mythril, Halmos |
| Linting | Code quality issues | Solhint |
Recommended Presets
For Development
Use: Quick Scan
- Fast feedback loop
- Catches obvious issues
- Doesn't slow down development
Scanners: Slither, Aderyn, Solhint
For Pull Requests
Use: Standard Scan
- Balanced coverage
- Reasonable time
- Good for CI/CD gates
Scanners: Slither, Aderyn, Semgrep, Solhint, Wake
For Pre-Audit
Use: Deep Scan
- Maximum coverage
- All scanner types
- Worth the extra time
Scanners: All available scanners
Scanner Comparison
Static Analyzers
| Scanner | Detectors | Speed | Best For |
|---|---|---|---|
| Slither | 93 | Fast | General coverage |
| Aderyn | 88 | Very fast | Quick feedback |
| SolidityDefend | 204+ | Medium | Maximum coverage |
| Semgrep | 47 | Fast | Custom patterns |
| Wake | - | Fast | Framework projects |
Fuzzers
| Scanner | Type | Speed | Best For |
|---|---|---|---|
| Echidna | Property-based | Slow | Invariant testing |
| Medusa | Parallelized, coverage-guided | Medium | Faster fuzzing |
| Moccasin | Vyper fuzzer | Medium | Vyper contracts |
Symbolic Execution
| Scanner | Type | Speed | Best For |
|---|---|---|---|
| Mythril | Symbolic | Slow | Deep analysis |
| Halmos | Symbolic (bounded) | Slow | Proving properties written as Foundry-style tests |
Choosing by Contract Type
Simple Token
Recommended: Quick or Standard
A basic ERC20/ERC721 mostly exposes well-known bug classes, which static analysis covers well:
- Slither catches common issues
- Aderyn provides fast analysis
- SolidityDefend adds depth
DeFi Protocol
Recommended: Deep
Complex financial logic needs:
- Full static analysis suite
- Fuzzing for edge cases
- Symbolic execution for math
Upgradeable Contracts
Recommended: Standard + SolidityDefend
Proxy patterns have specific risks:
- Storage collision checks
- Initialization issues
- Upgrade safety
Multi-Contract System
Recommended: Deep (project mode)
Cross-contract interactions need:
- Project-aware scanners (Wake)
- Full dependency analysis
- Fuzzing with all contracts
Choosing by Goal
Find Bugs Quickly
Use: Slither + Aderyn
Both are fast and catch the most common issue classes.
Maximum Coverage
Use: Deep Scan (all scanners)
Some bugs are only found by specific scanners.
Audit Preparation
Use: Deep Scan + Review All Findings
Run everything, then triage carefully.
CI/CD Pipeline
Use: Quick or Standard
Balance coverage with build time.
Scanner Dependencies
Project-Only Scanners
These require project uploads (not single files):
| Scanner | Why |
|---|---|
| Echidna | Needs test harness |
| Medusa | Needs test harness |
| Halmos | Needs test context |
| Moccasin | Needs Vyper project |
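As an added example (not code from this page or from the scanning platform it describes), the file below shows what the "test harness" and "test context" in the table above actually look like, and why the static and dynamic rows of the Scanner Types table complement each other. `Vault`, `VaultEchidnaTest`, `VaultHalmosTest` and the path `test/VaultHarness.t.sol` are hypothetical names; the file assumes a Foundry project layout with forge-std installed, Echidna's `echidna_` property convention, and Halmos's `check_` function convention.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed location: test/VaultHarness.t.sol inside a Foundry project.
import {Test} from "forge-std/Test.sol";

/// Hypothetical contract under test (not from the page). Deposit/withdraw
/// accounting is kept minimal so the properties below are easy to read.
contract Vault {
    mapping(address => uint256) public balanceOf;
    uint256 public totalDeposits;

    function deposit() external payable {
        balanceOf[msg.sender] += msg.value;
        totalDeposits += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        // Checks-effects-interactions: state is updated before the external
        // call, so Slither's reentrancy-eth detector stays quiet here.
        balanceOf[msg.sender] -= amount;
        totalDeposits -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

/// Echidna harness. Echidna deploys this contract, calls its public functions
/// (deposit/withdraw are inherited from Vault) with random senders, arguments
/// and msg.value, and re-evaluates every `echidna_*` view after each
/// transaction. A property that returns false is reported with the call
/// sequence that broke it.
contract VaultEchidnaTest is Vault {
    /// Solvency: the vault can always pay out everything it owes.
    /// Ether forced in via selfdestruct can only raise the balance, hence `>=`.
    function echidna_solvent() public view returns (bool) {
        return address(this).balance >= totalDeposits;
    }
}

/// Halmos context. Halmos runs every `check_*` function with symbolic
/// arguments and explores all execution paths; a reachable assert() failure
/// is reported with a concrete counterexample. Forge itself ignores these
/// functions because they are not prefixed with `test`.
contract VaultHalmosTest is Test {
    Vault internal vault;

    function setUp() public {
        vault = new Vault();
    }

    // Needed because withdraw() pays this contract back with a low-level call.
    receive() external payable {}

    /// Round trip: depositing then withdrawing the same amount returns the
    /// vault and the caller to their starting state, for every possible amount.
    function check_deposit_withdraw_roundtrip(uint256 amount) public {
        vm.deal(address(this), amount); // symbolic starting balance
        vault.deposit{value: amount}();
        assert(vault.balanceOf(address(this)) == amount);
        assert(vault.totalDeposits() == amount);

        vault.withdraw(amount);
        assert(vault.balanceOf(address(this)) == 0);
        assert(vault.totalDeposits() == 0);
        assert(address(this).balance == amount);
    }

    /// Overdraw: withdrawing more than was deposited must revert for every
    /// (amount, excess) pair, not just the few a unit test would pick.
    function check_cannot_overdraw(uint256 amount, uint256 excess) public {
        vm.assume(excess > 0);
        vm.assume(amount <= type(uint256).max - excess); // keep the sum in range
        vm.deal(address(this), amount);
        vault.deposit{value: amount}();
        (bool ok, ) = address(vault).call(
            abi.encodeCall(Vault.withdraw, (amount + excess))
        );
        assert(!ok);
    }
}
```

Run locally with the tools' own CLIs, for example `echidna . --contract VaultEchidnaTest` and `halmos --contract VaultHalmosTest` from the project root, or zip the whole project (including `lib/forge-std`, since the harness does not compile without it) for a project-mode upload. The two contracts illustrate the coverage split the Scanner Types table describes: if the `totalDeposits -= amount` line were deleted, no static detector has a pattern for that accounting drift, but `echidna_solvent` fails after the first withdraw; if instead the two state updates were moved below the external call, Slither's `reentrancy-eth` detector flags it without executing anything.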
Language-Specific
| Scanner | Languages |
|---|---|
| Slither | Solidity, Vyper |
| Vyper analyzer | Vyper only |
| Moccasin | Vyper only |
| Sol-azy | Rust/Solana |
Coverage vs Speed
Fast (< 2 minutes)
- Slither, Aderyn, Solhint, Semgrep
Medium (2-10 minutes)
- Wake, SolidityDefend, Medusa
Slow (10+ minutes)
- Mythril, Echidna, Halmos
Optimization Tips
- Use Quick for development - Fast feedback
- Use Standard for CI - Balanced
- Use Deep before releases - Maximum coverage
- Skip slow scanners in CI - Add them nightly instead
Custom Scanner Sets
Saving Custom Sets
- Select your preferred scanners
- Click Save as Preset
- Name your preset
- Reuse on future scans
Team Presets
On team plans:
- Admins can create team presets
- Apply across organization
- Ensure consistent scanning
Scanner Effectiveness
View Effectiveness Data
Go to Analytics → Scanner Effectiveness to see:
- Which scanners found issues
- Finding distribution by scanner
- False positive rates
Use Data to Optimize
If a scanner:
- Finds many issues → Keep using it
- Has high false positives → Consider removing
- Never finds anything → May be redundant, or may not apply to your project at all; check its language and project-mode requirements before dropping it
FAQ
Q: Should I always run all scanners?
A: Not necessarily. For daily development, Quick is fine. Use Deep for important releases.
Q: Why are fuzzing scanners grayed out?
A: Fuzzers need project mode. Upload a ZIP of the whole project (including its dependencies) with the test harnesses.
Q: Does scanner order matter?
A: No. All selected scanners run in parallel.
Q: Can I add custom scanners?
A: Enterprise plans support custom scanner integration.
Next Steps
- Scanner Catalog - Detailed scanner info
- Starting a Scan - Run your scan
- Scan Status - Monitor progress