About Supported Languages and Tools for Agent-Based Scans

Getting Started with Veracode

Veracode Software Composition Analysis agent-based scanning integrates with many build systems. This section provides a list of the package managers and integrations that agent-based scanning supports.

Languages and Package Managers

Veracode SCA agent-based scanning identifies the open-source libraries that a project uses through a combination of package manager files and JAR identification. It supports these package managers:

Java
  • Maven
  • Gradle
  • Ant
Ruby
  • Bundler
JavaScript
  • NPM
  • Bower
  • Yarn
PHP
  • Composer
Python
  • pip
Scala
  • SBT
Kotlin
  • Maven
  • Gradle
C/C++
  • Make
Objective C
  • CocoaPods
Swift
  • CocoaPods
Go
  • Go get (Go versions 1.15 and earlier)
  • Go modules
  • Govendor
  • Godep
  • Glide
  • Trash
.NET
  • NuGet
Docker
  • yum (CentOS and RHEL containers only)
  • pip
  • NPM
  • gem
  • apk (Alpine containers only)
  • apt (Debian and Ubuntu containers only)

For more details about the functionality available to each package manager, see Understanding the Agent-Based Scan Language Support Matrix.