Scan behaviour matrix

The scanner works using a plugin architecture, so each scanner plugin have different capabilities and requirements. However, there are conditions that need to be met in order to any scanner plugin to work correctly.

Considering the following condition:

Condition

Explanation

Language

The language implemented by the plugin

Build Tool

The build tool used in the codebase

Valid build required?

Do we need the build to execute and complete successfully?

Tool required?

Do we need to execute the build tool installed?

Invalid dependency?

What happens if the project includes an invalid/unreachable dependency?

These are the level of support provided and the corresponding behaviour of the scanner

Language

Build Tool

Valid build required?

Tool required?

Invalid dependency?

C/C++

conan

No (with lockfile)

Complete

Clojure

lein

Yes

Complete

Clojure

clojure

Yes

Complete

Dart/Flutter

dart

No (with lockfile)

Complete

Elixir

mix

No (with lockfile)

Complete

Golang

Yes

Failure

Java

gradle

Yes

Complete

Java

mvn

Yes

Complete

Java

ant (+ivy)

Complete

Scala

sbt

Yes

Failure

.NET

dotnet

Yes

Complete

.NET

paket

No (with lockfile)

Complete

NodeJS

npm

No (with lockfile)

Complete

NodeJS

pnpm

No (with lockfile)

Complete

NodeJS

yarn

No (with lockfile)

Complete

Perl

carton

No (with lockfile)

Complete

PHP

composer

No (with lockfile)

Complete

Python

pipenv

No (with lockfile)

Complete

Python

poetry

No (with lockfile)

Complete

Python

requirements

Yes

Complete

No (with lockfile)

Complete

Ruby

bundle

Yes

Complete

Rust

cargo

No (with lockfile)

Complete

Swift / Objective-C

cocoapods

No (with lockfile)

Yes

Failure

Swift / Objective-C

SwiftPm

No (with lockfile)

Failure

VanillaJS

none

Complete

PreviousYour first scan (GitHub Action)NextThe Web Dashboard

Last updated 22 days ago

Was this helpful?