About Supported Languages and Tools for Agent-Based Scans

Veracode Software Composition Analysis agent-based scanning integrates with many build systems. This section provides a list of the package managers and integrations that agent-based scanning supports.

Languages and Package Managers

Veracode SCA agent-based scanning identifies the open-source libraries that a project uses through a combination of package manager files and JAR identification. It supports these package managers:

Java

• Maven
• Gradle
• Ant

Ruby

• Bundler

JavaScript

• NPM
• Bower
• Yarn

PHP

• Composer

Python

• pip

Scala

• SBT

Kotlin

• Maven
• Gradle

C/C++

• Make

Objective C

• CocoaPods

Swift

• CocoaPods

Go

• Go get (Go versions 1.15 and earlier)
• Go modules
• Govendor
• Godep
• Glide
• Trash

.NET

• NuGet

Docker

• yum (CentOS and RHEL containers only)
• pip
• NPM
• gem
• apk (Alpine containers only)
• apt (Debian and Ubuntu containers only)

For more details about the functionality available to each package manager, see Understanding the Agent-Based Scan Language Support Matrix.

Continuous Integration Tools

• Atlassian Bamboo
• Bitbucket Pipelines
• CircleCI
• Codeship Basic
• Codeship Pro
• GitLab CI
• Jenkins Shell
• Travis CI

Issue Trackers

• GitHub Issues
• Jira On-Premise
• Jira Cloud