Static analysis language support

This page lists the types of files that AppScan 360° can scan when you perform static analysis.

Language support

Language | Supported file types | Frameworks and library support | Autofix* | Operating system support
.NET (C#, ASP.NET, VB.NET) Default:
  • Visual Studio solutions
  • .NET assemblies
  • .NET Core

ASP.NET MVC (3, 4, 5, 6, 7, and 8)

Yes Windows
Source code-only:
  • .aspx
  • .ascx
  • .cs
  • .vb
  • .vbs

ASP.NET MVC (3, 4, 5, 6, 7, and 8)

Yes All supported operating systems
ABAP
  • .abap
Not applicable No All supported operating systems
Android
  • .java
  • .kt
Not applicable Yes All supported operating systems
Angular
  • .ts
  • .tsx
Not applicable Yes All supported operating systems
AngularJS
  • .js
Not applicable No All supported operating systems
APEX
  • .cls
  • .page
Not applicable Yes All supported operating systems
ASP Classic
  • .asp
  • .asa
  • .inc
Not applicable Yes All supported operating systems
C/C++ Default:
  • Visual Studio solutions
Note: See "Microsoft Visual Studio support" for important additional information.
Not applicable Yes Windows
Source code-only:
  • .c
  • .cpp
  • Makefile
  • GNUMakefile
Not applicable Yes All supported operating systems
Cascading style sheets
  • css
Not applicable No All supported operating systems
COBOL
  • .cob
  • .cbl
  • .ws
  • .sqb
Not applicable Yes All supported operating systems
ColdFusion
  • .cfc
  • .cfm
Not applicable Yes All supported operating systems
Dart
  • .dart
Not applicable Yes All supported operating systems
eSQL
  • .esql
Not applicable Yes All supported operating systems
Go
  • .go
Not applicable Yes All supported operating systems
Groovy
  • .groovy
  • .gsp
  • .gvy
  • .gy
  • .gsh
Not applicable Yes All supported operating systems
Infrastructure as Code (IaC)
  • .bat
  • .sh
  • .yaml
  • .yml
  • Dockerfile
  • Docker
  • Kubernetes
Yes All supported operating systems
Terraform:
  • .tf
  • .tf.json
  • AWS
  • Google Cloud
  • Azure
Yes All supported operating systems
Java and Java web content
  • .class
  • .jar
  • .war
  • .ear
  • Enterprise JavaBeans™ (EJB) 2
  • JavaServer Faces (JSF) 2
  • JAX-RS (1.0 and 1.1)
  • JAX-WS (2.2)
  • Spring MVC (2.5, 3, and 4)
  • SpringBoot (using the Spring v3 annotations)
Yes All supported operating systems
Source code-only:
  • .java
  • .jsp
  • .jspx
  • .jspf
Not applicable Yes All supported operating systems
JavaScript
  • .asp
  • .aspx
  • .asa
  • .hbs
  • .htm
  • .html
  • .inc
  • .js
  • .jsf
  • .jsp
  • .jspx
  • .jspi
  • .php*
  • .rhtml
  • .rjs
  • .svg
  • .ts
  • .tsx
  • .wlapp
  • .xhtml
  • Ionic
  • JQuery
  • MooTools
Yes All supported operating systems
Kotlin
  • .kt
Not applicable Yes All supported operating systems
NodeJS
  • .js
Not applicable Yes All supported operating systems
Objective-C/Objective-C++
  • .m
  • .mm
Not applicable Yes All supported operating systems
Perl
  • .cgi
  • .pl
  • .pm
  • .t
Not applicable No All supported operating systems
PHP
  • .ctp
  • .php
  • .php*
  • .phtm
  • .phps
  • .htaccess
  • .html
  • .inc
  • .module
  • .xml
  • .yaml
  • .yml
Symfony Yes All supported operating systems
PL/SQL
  • .arc
  • .dbf
  • .lst
  • .pck
  • .pkb
  • .pks
  • .plb
  • .pls
  • .rdo
  • .sf
  • .sp
  • .spb
  • .sps
  • .sql
  • .tst
Not applicable No All supported operating systems
Python
  • .py
  • .pyt
  • .pyw
  • Django
  • Flask
Yes All supported operating systems
ReactJS
  • .js
Not applicable No All supported operating systems
ReactNative
  • .js
Not applicable No All supported operating systems
RPG
  • .rpg
  • .rpgl
  • .rpgle
  • .sqlrpgle
Not applicable No All supported operating systems
Ruby
  • .gem
  • .rb
  • .rhtml
  • .rjs
Not applicable Yes All supported operating systems
Rust
  • .rs
  • .json
  • .json5
  • .toml
Not applicable No All supported operating systems
Scala
  • .scala
  • .sc
Not applicable Yes All supported operating systems
Swift
  • .plist
  • .swift
Not applicable Yes All supported operating systems
TSQL
  • .arc
  • .dbf
  • .lst
  • .rdo
  • .sql
Not applicable No All supported operating systems
TypeScript
  • .ts
  • .tsx
Not applicable Yes All supported operating systems
Visual Basic
  • .bas
  • .cls
  • .frm
Not applicable Yes All supported operating systems
Vue.js
  • .vue
Not applicable No All supported operating systems
Xamarin
  • .cs
Not applicable Yes All supported operating systems

*Autofix is available for certain findings.

Note: Additional file extensions can be added in SAClientUtil/config/file_extensions.xml.

You can scan all supported languages from the static analysis command line interface (CLI). In addition, you can scan .NET projects in Visual Studio.

File upload types by language for AppScan 360° Static Analysis

Common user workflows for AppScan 360° Static Analysis include:
  • Upload source code and build artifacts
  • Generate IRX locally and upload IRX
Based on the language being scanned, the following table lists the file upload types for these workflows:
Important: The filename must contain ASCII characters only.
Language | Upload source code | Upload source code + build artifacts | Upload IRX (generate IRX locally)
C/C++ To scan file types listed as "source code-only" in the language support table. To scan byte code file types listed under default content in the language support table.
Java and Java web content N/A
  • .jar

    Customize scan target and dependencies using config file.

  • .class

    Archive directory structure containing the class files.

  • .war
    Note: Tomcat is the default JSP compiler.
  • .ear

  • .jar and .class, when all dependencies cannot be included in the archive
  • .war, if JSP compile requires a webserver other than Tomcat
.NET To scan file types listed as "source code-only" in the language support table. To scan byte code file types listed under default content in the language support table.
Others

Always. appscan-config is not needed.

Archive must contain the entire directory structure of the target code to be scanned.