Scan behaviour matrix
The scanner uses a plugin architecture, so each scanner plugin has different capabilities and requirements. However, some conditions must be met for any scanner plugin to work correctly.
Consider the following conditions:
| Condition | Meaning |
| --- | --- |
| Language | The language implemented by the plugin |
| Build Tool | The build tool used in the codebase |
| Valid build required? | Does the build need to execute and complete successfully? |
| Tool required? | Does the scanner need to execute the installed build tool? |
| Invalid dependency? | What happens if the project includes an invalid/unreachable dependency? |
These are the levels of support provided and the corresponding behaviour of the scanner:
| Build Tool | Valid build required? | Tool required? | Invalid dependency? |
| --- | --- | --- | --- |
| conan | No (with lockfile) | No | Complete |
| lein | No | Yes | Complete |
| clojure | No | Yes | Complete |
| dart | No (with lockfile) | No (with lockfile) | Complete |
| mix | No (with lockfile) | No (with lockfile) | Complete |
| go | Yes | Yes | Failure |
| gradle | Yes | Yes | Complete |
| mvn | Yes | Yes | Complete |
| ant (+ivy) | No | No | Complete |
| sbt | Yes | Yes | Failure |
| dotnet | Yes | Yes | Complete |
| paket | No | No (with lockfile) | Complete |
| npm | No (with lockfile) | No (with lockfile) | Complete |
| pnpm | No (with lockfile) | No (with lockfile) | Complete |
| yarn | No (with lockfile) | No (with lockfile) | Complete |
| carton | No (with lockfile) | No (with lockfile) | Complete |
| composer | No (with lockfile) | No (with lockfile) | Complete |
| pipenv | No (with lockfile) | No (with lockfile) | Complete |
| poetry | No (with lockfile) | No (with lockfile) | Complete |
| requirements | No | Yes | Complete |
| R | No (with lockfile) | No (with lockfile) | Complete |
| bundle | Yes | Yes | Complete |
| cargo | No (with lockfile) | No (with lockfile) | Complete |
| cocoapods | No (with lockfile) | Yes | Failure |
| SwiftPm | No (with lockfile) | No (with lockfile) | Failure |
| none | No | No | Complete |