Skip to main content
Skip table of contents

SCA Reachability - Technical Requirements & Limitations

Repo Integration Support

Environments

  • Supported repository integrations: GitHub.com/GitHub Enterprise (Java/JS starting from version 24.3.2, Python starting from 24.10.1.1)

  • enableReachability configuration flag set to true in the scanSettings portion of the .whitesource file

Limitations

  • Regular scan completes without partial results errors 

Java Language Support

Environments

  • Java source files (up to JDK 17) with supported extension (.java)

  • Maven and Gradle build projects

Improvements

  • Out-of-the-box support for multi-module projects, no need to run additional tools (e.g. xModuleAnalyzer)

  • No need to compile project to generate byte code, only sources directory and full dependency resolution are required

  • Reflection support for java.util.ServiceLoader

Limitations

  • The following dependency scopes are not analyzed:

    • provided

    • test

  • Reflection support is limited to the following types:

    • java.util.ServiceLoader

  • Dependency Injection support is limited to the following types:

    • org.springframework.beans.factory.annotation.Autowired

    • com.google.inject.Inject

    • javax.inject.Inject

JavaScript Language Support

Requirements

  • JavaScript/TypeScript source files with supported extensions (.js, .ts, .jsx, .tsx)

  • Successfully built NPM and Yarn projects (using the ‘npm install'/'yarn install' command)

Improvements

  • The user’s package.json file does not need to contain a “main” entry file path to a valid index.js file anymore, as was the case in the previous version of Prioritize.

Limitations

  • Reflection is not yet supported for JavaScript Reachability

Python Language Support

Requirements

  • Python source files with the supported extension (.py)

  • A successfully built project using one of the supported package managers

Limitations

  • Conda projects are not supported.

  • Poetry projects are only supported in the GitHub repo integrations from v24.10.3.

Supported Languages

Language

Package Manager

Details

Java

Gradle

Configuration file(s): build.gradle, settings.gradle

Java

Maven

Configuration file(s): pom.xml, settings.xml

JavaScript

npm

Configuration file(s): package.json, package-lock.json

JavaScript

Yarn

Configuration file(s): package.json, yarn.lock

JavaScript

Lerna (repo only)

Configuration file(s): lerna.json

JavaScript

pnpm (repo only)

Configuration file(s): pnpm-lock.yaml

Python

pip

Configuration file(s): requirements.txt

Python

Pipenv

Configuration file(s): Pipfile & Pipfile.lock

Python

Poetry

Configuration file(s): pyproject.toml, poetry.lock

Supported versions of each language or package manager are listed here.

Tested Environments

The following operating systems were tested for Reachability analysis with the Mend CLI:

OS

Version

MacOS

12

Ubuntu

22.04

Windows Server

2022

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.