Veracode Software Composition Analysis agent-based scanning integrates with many build systems. This section provides a list of the package managers and integrations that agent-based scanning supports.
Languages and Package Managers
Veracode SCA agent-based scanning identifies the open-source libraries that a project uses through a combination of package manager files and JAR identification. It supports these package managers:
- Java
-
- Maven
- Gradle
- Ant
- Ruby
-
- Bundler
- JavaScript
-
- NPM
- Bower
- Yarn
- PHP
-
- Composer
- Python
-
- pip
- Scala
-
- SBT
- Kotlin
-
- Maven
- Gradle
- C/C++
-
- Make
- Objective C
-
- CocoaPods
- Swift
-
- CocoaPods
- Go
-
- Go get (Go versions 1.15 and earlier)
- Go modules
- Govendor
- Godep
- Glide
- Trash
- .NET
-
- NuGet
- Docker
-
- yum (CentOS and RHEL containers only)
- pip
- NPM
- gem
- apk (Alpine containers only)
- apt (Debian and Ubuntu containers only)
For more details about the functionality available to each package manager, see Understanding the Agent-Based Scan Language Support Matrix.