Meterian
  • Meterian
    • The Platform
    • SSO and MFA
    • Support
  • Codebase scanner
    • The Thin Client
      • How does the client work?
      • How does the client authenticate me?
      • How do I get the client?
      • What if I need a previous release?
      • Use the thin client on Windows
    • Using the client from your command line
      • Authorization in interactive mode
      • Interrupting the client
      • Example: running the client in interactive mode
    • Using the client in your CI/CD pipeline
      • Authorization in non-interactive mode
      • Providing the project branch
      • Concurrent mode
      • Two phases build
      • Controlling the exit code
      • Example: running the client in non-interactive mode
    • General operations
      • Running the analysis remotely
      • Interrupting the client
      • Generating a report
      • Forcing or avoiding specific scans
      • Excluding (and including) specific folders
      • Connecting through a proxy
    • System requirements
    • Command line parameters
      • General configuration
      • Overriding scores
      • Overriding scopes
      • Producing reports
      • Selecting scanners
      • Defining projects
      • Advanced options
        • Autofix
        • Pull Requests
      • System information
      • Specific controls
        • Maven specific controls
        • Dotnet specific controls
        • Npm/Yarn specific controls
        • Gradle specific controls
        • Ant/Ivy specific controls
    • The Dockerized Client
      • Basic usage
      • Advanced usage
        • Invoking via Docker
        • Platform-specific images
        • Usage on a CI/CD platform
        • Disable the client auto-update
      • Troubleshooting
        • Client auto update failure
        • Docker specifics
    • How scores work
    • Guide: your first scan!
      • Your first scan (java thin client)
      • Your first scan (dockerized client)
      • Your first scan (GitHub Action)
  • Scan behaviour matrix
  • THE METERIAN DASHBOARD
    • The Web Dashboard
      • Projects
      • Insights
      • Tokens
      • Badges
      • Policies
      • Tags
      • Teams
      • Configuration
        • Automatic Temporary Branches Clean-up
    • Advanced functionalities
      • Multi-factor Authentication
      • Safe versions
      • Software Bill Of Materials (SBOM)
      • Auto-grouping
        • Domain auto-grouping
        • Github auto-grouping
      • How to set a vulnerability exclusion
        • From the report page
        • From the dashboard
        • The .meterian file
        • Generate the .meterian file
    • Troubleshooting
      • Login with credentials
  • Notifications
    • Sentinel
      • Notifications for Slack
      • Notifications for Email
    • Allerta
  • Github Badges
    • Introduction
    • Public repository
    • Private repository
  • ONLINE INTEGRATIONS
    • Introduction
    • GitHub Action
      • Using the Thin Client
      • Code scanning
    • Bitbucket Pipe
    • Azure DevOps Pipelines
  • Languages support
    • Introduction
    • C/C++
    • Clojure
    • Dart / Flutter
    • Elixir (erlang)
    • Golang
    • Java/Kotlin/Scala
      • Scanning EAR or WAR files
    • Javascript
    • .NET
      • Scanning DLLs
    • NodeJS
    • Perl
    • PHP
    • Python
    • R
    • Ruby
    • Rust
    • Swift / Objective-C
    • Generic (third party)
  • Special platfoms
  • Unity Packages
  • Jupyter Notebooks
    • License detection
  • Yocto license manifests
  • Container scanner
    • Container Scanner
      • Introduction
      • General usage
      • Command line parameters
        • General configuration
        • Overriding scores
        • Producing reports
        • Defining projects
        • Advanced Options
        • System information
      • How to set a vulnerability exclusion
  • IaC SCANNER
    • Introduction
    • General usage
    • Command line parameters
      • Producing reports
      • Defining projects
    • Policy management page
    • How to set a vulnerability exclusion
  • CI INTEGRATIONS
    • Introduction
    • AWS CodeBuild
    • Azure DevOps
      • Using the Docker image
      • Using the Java Thin client
    • Bamboo
    • Bitrise
    • CircleCI
    • CodeShip
    • Concourse CI
    • Generic CI
    • GitLab CI/CD
      • Docker-in-Docker configuration
      • Meterian Docker image configuration
      • Non-Meterian Docker image configuration
    • Jenkins
      • Pipeline
    • TeamCity
    • TravisCI
  • DevOps Integrations
    • GitLab Ultimate
    • SonarQube
      • Compatibility
      • Download and installation
      • Plugin properties
      • Usage
      • Report page
  • Management Platforms
    • Threadfix
    • DefectDojo
      • Uploading from a CI
    • Armorcode
    • Jira
  • Dedicated Instance
    • Introduction
    • On Cloud (MC/CC)
    • On Premises (OP)
      • Requirements and install
      • Managing the system
        • Admin dashboard
        • Managing your license
        • Managing accounts
    • Using the scanners
      • Thin client
      • Dockerized client
      • Container Scanner
      • IaC Scanner
  • Meterian API
  • API basics
  • Authorizing the APIs
  • Account APIs
    • Knowing your account
    • Listing your projects
  • Samples
  • Guides
    • Managing teams and members
    • Generating reports via APIs
Powered by GitBook
On this page

Was this helpful?

Scan behaviour matrix

The scanner works using a plugin architecture, so each scanner plugin have different capabilities and requirements. However, there are conditions that need to be met in order to any scanner plugin to work correctly.

Considering the following condition:

Condition
Explanation

Language

The language implemented by the plugin

Build Tool

The build tool used in the codebase

Valid build required?

Do we need the build to execute and complete successfully?

Tool required?

Do we need to execute the build tool installed?

Invalid dependency?

What happens if the project includes an invalid/unreachable dependency?

These are the level of support provided and the corresponding behaviour of the scanner

Language
Build Tool
Valid build required?
Tool required?
Invalid dependency?

conan

No (with lockfile)

No

Complete

lein

No

Yes

Complete

clojure

No

Yes

Complete

dart

No (with lockfile)

No (with lockfile)

Complete

mix

No (with lockfile)

No (with lockfile)

Complete

go

Yes

Yes

Failure

gradle

Yes

Yes

Complete

mvn

Yes

Yes

Complete

ant (+ivy)

No

No

Complete

sbt

Yes

Yes

Failure

dotnet

Yes

Yes

Complete

paket

No

No (with lockfile)

Complete

npm

No (with lockfile)

No (with lockfile)

Complete

pnpm

No (with lockfile)

No (with lockfile)

Complete

yarn

No (with lockfile)

No (with lockfile)

Complete

carton

No (with lockfile)

No (with lockfile)

Complete

composer

No (with lockfile)

No (with lockfile)

Complete

pipenv

No (with lockfile)

No (with lockfile)

Complete

poetry

No (with lockfile)

No (with lockfile)

Complete

requirements

No

Yes

Complete

R

No (with lockfile)

No (with lockfile)

Complete

bundle

Yes

Yes

Complete

cargo

No (with lockfile)

No (with lockfile)

Complete

cocoapods

No (with lockfile)

Yes

Failure

SwiftPm

No (with lockfile)

No (with lockfile)

Failure

none

No

No

Complete

PreviousYour first scan (GitHub Action)NextThe Web Dashboard

Last updated 1 month ago

Was this helpful?

C/C++
Clojure
Clojure
Dart/Flutter
Elixir
Golang
Java
Java
Java
Scala
.NET
.NET
NodeJS
NodeJS
NodeJS
Perl
PHP
Python
Python
Python
R
Ruby
Rust
Swift / Objective-C
Swift / Objective-C
VanillaJS