View your SCA Reachability Results in the Legacy SCA Application UI
Overview
Viewing results in the Legacy SCA UI
In the Legacy SCA application’s user interface, reachable vulnerabilities will be denoted by a RED shield while unreachable vulnerabilities will be denoted by a GREEN shield. This behavior will remain consistent for Reachability results coming from both Mend CLI scans and GitHub repo integration scans.
The Reachability data is available in the Security Alerts: View By Vulnerability report.
Reference
Mend SCA Reachability - supported languages
The Reachability Supported column in the table below indicates which languages and package managers are Reachability-supported.
Language (Package Manager) | Package Manager Versions | Language | Reachability Supported | Exclusion | Repo Integration Parameter |
|---|---|---|---|---|---|
C/C++ (Conan) | Conan 2.12+ | ✔️ | MEND_SCA_CONAN_RESOLVEDEPENDENCIES | conan.resolveDependencies | |
C# (.NET) | N/A | .NET 5.0.x, 6.0.x, 7.0.x, 8.0.x, 9.0.x, 10.0.x | ✔️ | MEND_SCA_NUGET_CSPROJ_RESOLVEDEPENDENCIES / WS_NUGET_RESOLVEDEPENDENCIES | nuget.resolveDependencies |
C# (.NET Framework) | N/A | .NET 4.8 | X | MEND_SCA_NUGET_CSPROJ_RESOLVEDEPENDENCIES / WS_NUGET_RESOLVEDEPENDENCIES | nuget.resolveDependencies |
Go | Modules | Golang 1.14.x, 1.15.x, 1.16.x, 1.17.x, 1.18.x, 1.19.x, 1.20.x, 1.21.x, 1.22.x, 1.23.x | X | MEND_SCA_GO_RESOLVEDEPENDENCIES / WS_GO_MODULES_RESOLVEDEPENDENCIES | go.modules.resolveDependencies |
HTML | N/A | N/A | X | N/A | html.resolveDependencies |
Java (Maven) | Maven 3.2.5, 3.3.x, 3.5.x, 3.6.x, 3.8.x, 3.9.x | Java 8.x, 11.x, 17.x, 21.x | ✔️ | MEND_SCA_MAVEN_RESOLVEDEPENDENCIES / WS_MAVEN_RESOLVEDEPENDENCIES | maven.resolveDependencies |
Java (Gradle) |
|
| ✔️ | MEND_SCA_GRADLE_RESOLVEDEPENDENCIES / WS_GRADLE_RESOLVEDEPENDENCIES | gradle.resolveDependencies |
Java (sbt) | SBT 1.8 | Java 8.x, 11.x, 17.x, 21.x | X | MEND_SCA_SBT_RESOLVEDEPENDENCIES /WS_SBT_RESOLVEDEPENDENCIES | sbt.resolveDependencies |
JavaScript (Bower) | Bower 1.8.x | Node.js 18.x | X | N/A | bower.resolveDependencies |
JavaScript (npm) |
|
| ✔️ | MEND_SCA_NPM_RESOLVEDEPENDENCIES / WS_NPM_RESOLVEDEPENDENCIES | npm.resolveDependencies |
JavaScript (pnpm) |
|
| ✔️ | N/A | npm.resolveDependencies |
JavaScript (Yarn) |
|
| ✔️ | MEND_SCA_YARN_RESOLVEDEPENDENCIES / WS_NPM_RESOLVEDEPENDENCIES | npm.resolveDependencies |
PHP (Composer) | composer 2.2.x, 2.3.x, 2.4.x, 2.5.x, 2.6.x | PHP 7.x, 8.x | X | MEND_SCA_PHP_RESOLVEDEPENDENCIES / WS_PHP_RESOLVEDEPENDENCIES | php.resolveDependencies |
Python (conda) | 2023.x, 2024.x | Python 3.x | ✔️ | N/A | conda.resolveDependencies |
Python (pip) | pip 20.x, 21.x, 22.x, 23.x | Python 3.x | ✔️ | MEND_SCA_PIP_RESOLVEDEPENDENCIES / | python.resolveDependencies |
Python (pipenv) | 2020.11.x, 2021.5.x, 2022.1.x, 2023.6.x, 2023.7.x | Python 3.x | ✔️ | N/A | python.resolveDependencies |
Python (Poetry) | poetry 1.1.x, 1.2.x, 1.3.x, 1.4.x, 1.8.x, 2.x | Python 3.x | ✔️ | N/A | python.resolveDependencies |
Python (uv) | All versions *Versions older than 0.4.3.0 are not supported in repository integrations | Python 3.x | ✔️ | MEND_SCA_UV_RESOLVEDEPENDENCIES | uv.resolveDependencies |
R (Packrat) | packrat 0.6.x | R 3.3.x, 4.1.x, 4.2.x | X | N/A | r.resolveDependencies |
Ruby (Bundler) | Bundler 2.2.x, 2.3.x, 2.4.x | Ruby 2.x, 3.x | X | MEND_SCA_RUBY_RESOLVEDEPENDENCIES / WS_RUBY_RESOLVEDEPENDENCIES | ruby.resolveDependencies |
Scala (sbt) | SBT 1.4.x, 1.5.x, 1.7.x, 1.8.x, 1.9.x, 1.10.x | Scala 2.13.x, 3.3.x, 3.5.x | X | MEND_SCA_SBT_RESOLVEDEPENDENCIES /WS_SBT_RESOLVEDEPENDENCIES | sbt.resolveDependencies |
Swift (SwiftPM) | SwiftPM 5.8.x, 5.9.x, 6.0.x | N/A | X | MEND_SCA_SWIFT_RESOLVEDEPENDENCIES /WS_SWIFT_RESOLVEDEPENDENCIES | swift.resolveDependencies |
Swift & Objective C (CocoaPods) |
|
| X | N/A | cocoapods.resolveDependencies |
Mend Reachability - tested environments
The following operating systems were tested for scanning dependencies for reachability with Mend CLI.
OS | Version |
|---|---|
MacOS | 12 |
Ubuntu | 22.04 |
Windows Server | 2022 |