SCA Reachability - Technical Requirements & Limitations
Repo Integration Support
Environments
Supported repository integrations: GitHub.com/GitHub Enterprise (Java/JS starting from version 24.3.2, Python starting from 24.10.1.1)
enableReachability configuration flag set to true in the scanSettings portion of the .whitesource file
Limitations
Regular scan completes without partial results errors
Java Language Support
Environments
Java source files (up to JDK 17) with supported extension (.java)
Maven and Gradle build projects
Improvements
Out-of-the-box support for multi-module projects, no need to run additional tools (e.g. xModuleAnalyzer)
No need to compile project to generate byte code, only sources directory and full dependency resolution are required
Reflection support for java.util.ServiceLoader
Limitations
The following dependency scopes are not analyzed:
provided
test
Reflection support is limited to the following types:
java.util.ServiceLoader
Dependency Injection support is limited to the following types:
org.springframework.beans.factory.annotation.Autowired
com.google.inject.Inject
javax.inject.Inject
JavaScript Language Support
Requirements
JavaScript/TypeScript source files with supported extensions (.js, .ts, .jsx, .tsx)
Successfully built NPM and Yarn projects (using the ‘npm install'/'yarn install' command)
Improvements
The user’s package.json file does not need to contain a “main” entry file path to a valid index.js file anymore, as was the case in the previous version of Prioritize.
Limitations
Reflection is not yet supported for JavaScript Reachability
Python Language Support
Requirements
Python source files with the supported extension (.py)
A successfully built project using one of the supported package managers
Limitations
Conda projects are not supported.
Poetry projects are only supported in the GitHub repo integrations from v24.10.3.
Supported Languages
Language | Package Manager | Details |
---|---|---|
Java | Gradle | Configuration file(s): build.gradle, settings.gradle |
Java | Maven | Configuration file(s): pom.xml, settings.xml |
JavaScript | npm | Configuration file(s): package.json, package-lock.json |
JavaScript | Yarn | Configuration file(s): package.json, yarn.lock |
JavaScript | Lerna (repo only) | Configuration file(s): |
JavaScript | pnpm (repo only) | Configuration file(s): |
Python | pip | Configuration file(s): requirements.txt |
Python | Pipenv | Configuration file(s): Pipfile & Pipfile.lock |
Python | Poetry | Configuration file(s): pyproject.toml, poetry.lock |
Tested Environments
The following operating systems were tested for Reachability analysis with the Mend CLI:
OS | Version |
---|---|
MacOS | 12 |
Ubuntu | 22.04 |
Windows Server | 2022 |