SCA Reachability - Technical Requirements & Limitations

Supported repository integrations: GitHub.com/GitHub Enterprise (Java/JS starting from version 24.3.2, Python starting from 24.10.1.1)
enableReachability configuration flag set to true in the scanSettings portion of the .whitesource file

Out-of-the-box support for multi-module projects, no need to run additional tools (e.g. xModuleAnalyzer)
No need to compile project to generate byte code, only sources directory and full dependency resolution are required
Reflection support for java.util.ServiceLoader

The following dependency scopes are not analyzed:
- provided
- test
Reflection support is limited to the following types:
- java.util.ServiceLoader
Dependency Injection support is limited to the following types:
- org.springframework.beans.factory.annotation.Autowired
- com.google.inject.Inject
- javax.inject.Inject

JavaScript/TypeScript source files with supported extensions (.js, .ts, .jsx, .tsx)
Successfully built NPM and Yarn projects (using the ‘npm install'/'yarn install' command)

The user’s package.json file does not need to contain a “main” entry file path to a valid index.js file anymore, as was the case in the previous version of Prioritize.

Conda projects are not supported.
Poetry projects are only supported in the GitHub repo integrations from v24.10.3.

Language	Package Manager	Details
Java	Gradle	Configuration file(s): build.gradle, settings.gradle
Java	Maven	Configuration file(s): pom.xml, settings.xml
JavaScript	npm	Configuration file(s): package.json, package-lock.json
JavaScript	Yarn	Configuration file(s): package.json, yarn.lock
Python	pip	Configuration file(s): requirements.txt
Python	Pipenv	Configuration file(s): Pipfile & Pipfile.lock
Python	Poetry	Configuration file(s): pyproject.toml, poetry.lock

The following operating systems were tested for Reachability analysis with the Mend CLI: