Scan behaviour matrix

The scanner uses a plugin architecture, so each scanner plugin has different capabilities and requirements. However, certain conditions must be met for any scanner plugin to work correctly.

Consider the following conditions:

| Condition | Explanation |
|---|---|
| Language | The language implemented by the plugin |
| Build Tool | The build tool used in the codebase |
| Valid build required? | Does the build need to execute and complete successfully? |
| Tool required? | Does the build tool need to be installed so the scanner can execute it? |
| Invalid dependency? | What happens if the project includes an invalid or unreachable dependency? |

These are the levels of support provided and the corresponding behaviour of the scanner:

| Language | Build Tool | Valid build required? | Tool required? | Invalid dependency? |
|---|---|---|---|---|
| | conan | No (with lockfile) | No | Complete |
| | lein | No | Yes | Complete |
| | clojure | No | Yes | Complete |
| | dart | No (with lockfile) | No (with lockfile) | Complete |
| | mix | No (with lockfile) | No (with lockfile) | Complete |
| | go | Yes | Yes | Failure |
| | gradle | Yes | Yes | Complete |
| | mvn | Yes | Yes | Complete |
| | ant (+ivy) | No | No | Complete |
| | sbt | Yes | Yes | Failure |
| | dotnet | Yes | Yes | Complete |
| | paket | No | No (with lockfile) | Complete |
| | npm | No (with lockfile) | No (with lockfile) | Complete |
| | pnpm | No (with lockfile) | No (with lockfile) | Complete |
| | yarn | No (with lockfile) | No (with lockfile) | Complete |
| | carton | No (with lockfile) | No (with lockfile) | Complete |
| | composer | No (with lockfile) | No (with lockfile) | Complete |
| | pipenv | No (with lockfile) | No (with lockfile) | Complete |
| | poetry | No (with lockfile) | No (with lockfile) | Complete |
| | requirements | No | Yes | Complete |
| | R | No (with lockfile) | No (with lockfile) | Complete |
| | bundle | Yes | Yes | Complete |
| | cargo | No (with lockfile) | No (with lockfile) | Complete |
| | cocoapods | No (with lockfile) | Yes | Failure |
| | SwiftPm | No (with lockfile) | No (with lockfile) | Failure |
| | none | No | No | Complete |
