Veracode Software Composition Analysis features are available for several programming languages, which all have specific requirements for performing scans.
For the detailed list of supported tools and languages, see About Supported Languages and Tools for Agent-Based Scans and Understanding Language Support for Veracode SCA Upload Scans.
- Java
- To assess the security risk of open-source components in your Java code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline. Plugins are available to automate scanning of Gradle or Maven repositories for Java applications. Sample Java repositories are available in GitHub to demonstrate how to run agent-based scans.
- .NET
- To assess the security risk of open-source components in your .NET code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline.
- JavaScript
- To assess the security risk of open-source components in your JavaScript code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline. Sample JavaScript repositories are available in GitHub to demonstrate how to run agent-based scans.
- PHP
- To assess the security risk of open-source components in your PHP code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline.
- Scala
- To assess the security risk of open-source components in your Scala code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline. Sample Scala repositories are available in GitHub to demonstrate how to run agent-based scans.
- Kotlin
- To assess the security risk of open-source components in your Kotlin code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline. Plugins are available to automate scanning of Gradle or Maven repositories for Kotlin applications. Sample Kotlin repositories are available in GitHub to demonstrate how to run agent-based scans.
- Objective-C
- To assess the security risk of open-source components in your Objective-C code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline. Sample Objective-C repositories are available in GitHub to demonstrate how to run agent-based scans.
- Swift
- To assess the security risk of open-source components in your Swift code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline. Sample Swift repositories are available in GitHub to demonstrate how to run agent-based scans.
- Ruby
- To assess the security risk of open-source components in your Ruby code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline. Sample Ruby repositories are available in GitHub to demonstrate how to run agent-based scans.
- Python
- To assess the security risk of open-source components in your Python code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline. Sample Python repositories are available in GitHub to demonstrate how to run agent-based scans.
- Go
- To assess the security risk of open-source components in your Go code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline. Sample Go repositories are available in GitHub to demonstrate how to run agent-based scans.
- C/C++
- To assess the security risk of open-source components in your C or C++ code early and frequently in your development, perform agent-based scans on the command line or as an automated step in your pipeline.