System requirements for SCA

The types of files that can be scanned by ASoC when you perform open source testing.

Language support

AppScan on Cloud strives to support as many open source packages as possible; we update CVE data daily. However, license information may not always be available for less common packages.

Note: For some package managers, you must be able to build the project before testing it with ASoC. Some dependencies are only resolved when the project is built.

Table 1.
Language and version	Supported source/binary file types	Package/Build manager and version	Package/Build manager supported config files
.NET	`.dll` `.exe` `.lib`	Nuget	The project is already built and all build outputs include `projects.assets.json` or `packages.lock.json`. OR .NET CLI and Nuget installed with the ability to `build` successfully and the project includes the build file `*.csproj`.
		Paket	The project is already built and all build outputs include packet.lock. OR .NET and Paket is installed with the ability to `install` and `restore` successfully, and the project includes the config files `paket.dependencies` and `paket.references`.
		.NET Framework 3.5, 4.6.2, 4.7.2, 4.8, 4.8.1 .NET 5, 6, 7, 8	For .NET only, SCA can analyze the configuration file before build, but the results will include only direct libraries and will be less accurate.
Java	`.ear` `.jar` `.war`	Java with Maven	Maven must be installed and the pom.xml project must be buildable.
Java	`.ear` `.jar` `.war`	Java/Kotlin with Gradle	`Gradle.lockfile` must exist for every project, OR Gradle must be installed with the ability to read and edit `build.gradle` or `build.gradle.kts` files.
JavaScript NodeJS	`.js`	NPM (version 5.0.0/2017 and newer)	Create the project after building. The project must include `package.json` and `package-lock.json` . OR NPM CLI is installed with the ability to run `npm install` and project includes the config file `package.json`.
JavaScript NodeJS	`.js`	Yarn Classic (versions 1.x) and Yarn Berry (versions 2.x, 3.x, and 4.x)	The project must include `package.json` and `yarn.lock`. OR Yarn CLI is installed with the ability to run `yarn` install and project includes the config file package `.json`.
Python (version 3.3 and newer)	`.py` `.whl` Note: When scanning `.py` and `.whl` files, the project should be built as a virtual environment (`verv`).	Pip (version 3.4 and newer)	Python and Pip installed `setup.py` `requirements.txt`
Python (version 3.3 and newer)		Poetry (all versions)	Create the project after building with the configuration files `pyproject.toml` and `poetry.lock`. OR Python and Poetry are installed with the ability to `poetry.lock` successfully, and project includes the config file `pyproject.toml`.
GO	`.go`	Go Modules (GO version 1.15 and later)	GO and GO CLI installed, and the project includes the config file `go.mod`.
PHP	`.php`	Composer	PHP and Composer must be installed, and a valid `composer.json` file must exist.
C/C++	`.c` `.cc` `.cpp` `.hpp` `.dll`	Conan	Conan must be installed, the project must be buildable, and a valid `conanfile.txt` or `conanfile.py` file must exist.

Note: AppScan on Cloud limits file uploads to 2GB.