Breadcrumbs

View your SCA Reachability Results in the Legacy SCA Application UI

Overview

Viewing results in the Legacy SCA UI

In the Legacy SCA application’s user interface, reachable vulnerabilities will be denoted by a RED shield while unreachable vulnerabilities will be denoted by a GREEN shield. This behavior will remain consistent for Reachability results coming from both Mend CLI scans and GitHub repo integration scans.

The Reachability data is available in the Security Alerts: View By Vulnerability report.

image-20240305-142828.png

Reference

Mend SCA Reachability - supported languages

The Reachability Supported column in the table below indicates which languages and package managers are Reachability-supported.

Language (Package Manager)

Package Manager Versions

Language
Versions

Reachability Supported

Exclusion
CLI Env Var

Repo Integration Parameter

C/C++ (Conan)

Conan 2.12+


✔️

MEND_SCA_CONAN_RESOLVEDEPENDENCIES

conan.resolveDependencies

C# (.NET)

N/A

.NET 5.0.x, 6.0.x, 7.0.x, 8.0.x, 9.0.x, 10.0.x

✔️

MEND_SCA_NUGET_CSPROJ_RESOLVEDEPENDENCIES / WS_NUGET_RESOLVEDEPENDENCIES

nuget.resolveDependencies

C# (.NET Framework)

N/A

.NET 4.8

X

MEND_SCA_NUGET_CSPROJ_RESOLVEDEPENDENCIES / WS_NUGET_RESOLVEDEPENDENCIES

nuget.resolveDependencies

Go

Modules

Golang 1.14.x, 1.15.x, 1.16.x, 1.17.x, 1.18.x, 1.19.x, 1.20.x, 1.21.x, 1.22.x, 1.23.x

X

MEND_SCA_GO_RESOLVEDEPENDENCIES / WS_GO_MODULES_RESOLVEDEPENDENCIES

go.modules.resolveDependencies

Java (Maven)

Maven 3.2.5, 3.3.x, 3.5.x, 3.6.x, 3.8.x, 3.9.x

Java 8.x, 11.x, 17.x, 21.x

✔️

MEND_SCA_MAVEN_RESOLVEDEPENDENCIES / WS_MAVEN_RESOLVEDEPENDENCIES

maven.resolveDependencies

Java (Gradle)

  • Gradle 6.x, 7.x, 8.x

  • Gradle 9.x

  • Java 8.x, 11.x, 17.x, 21.x

  • Java 17.x, 21.x

✔️

MEND_SCA_GRADLE_RESOLVEDEPENDENCIES / WS_GRADLE_RESOLVEDEPENDENCIES

gradle.resolveDependencies

Java (sbt)

SBT 1.8

Java 8.x, 11.x, 17.x, 21.x

X

MEND_SCA_SBT_RESOLVEDEPENDENCIES /WS_SBT_RESOLVEDEPENDENCIES

sbt.resolveDependencies

JavaScript (Bower)

Bower 1.8.x

Node.js 18.x

X

N/A

bower.resolveDependencies

JavaScript (npm)

  • npm 6.x, 7.x, 8.x, 9.x, 10.x, 11.x

  • npm 8.x, 9.x, 10.x, 11.x

  • Node.js 18.x

  • Node.js 20.x, 22.x, 24.x

✔️

MEND_SCA_NPM_RESOLVEDEPENDENCIES / WS_NPM_RESOLVEDEPENDENCIES

npm.resolveDependencies

JavaScript (Yarn)

  • yarn 1.x

  • yarn 2.x, 3.x

  • yarn 4.x

  • Node.js 16.x, 18.x, 20.x

  • Node.js 16.x, 18.x, 20.x, 22.x, 24.x

  • Node.js 16.x, 18.x, 20.x, 22.x, 24.x

✔️

MEND_SCA_YARN_RESOLVEDEPENDENCIES / WS_NPM_RESOLVEDEPENDENCIES

npm.resolveDependencies

PHP (Composer)

composer 2.2.x, 2.3.x, 2.4.x, 2.5.x, 2.6.x

PHP 7.x, 8.x

X

MEND_SCA_PHP_RESOLVEDEPENDENCIES / WS_PHP_RESOLVEDEPENDENCIES

php.resolveDependencies

Python (conda)

2023.x, 2024.x

Python 3.x

✔️

N/A

conda.resolveDependencies

Python (pip)

pip 20.x, 21.x, 22.x, 23.x

Python 3.x

✔️

MEND_SCA_PIP_RESOLVEDEPENDENCIES /
WS_PYTHON_RESOLVEDEPENDENCIES

python.resolveDependencies

Python (uv)

All versions

*Versions older than 0.4.3.0 are not supported in repository integrations

Python 3.x

✔️

MEND_SCA_UV_RESOLVEDEPENDENCIES

uv.resolveDependencies

Ruby (Bundler)

Bundler 2.2.x, 2.3.x, 2.4.x

Ruby 2.x, 3.x

X

MEND_SCA_RUBY_RESOLVEDEPENDENCIES / WS_RUBY_RESOLVEDEPENDENCIES

ruby.resolveDependencies

Scala (sbt)

SBT 1.4.x, 1.5.x, 1.7.x, 1.8.x, 1.9.x, 1.10.x

Scala 2.13.x, 3.3.x, 3.5.x

X

MEND_SCA_SBT_RESOLVEDEPENDENCIES /WS_SBT_RESOLVEDEPENDENCIES

sbt.resolveDependencies

Swift (SwiftPM)

SwiftPM 5.8.x, 5.9.x, 6.0.x

N/A

X

MEND_SCA_SWIFT_RESOLVEDEPENDENCIES /WS_SWIFT_RESOLVEDEPENDENCIES

swift.resolveDependencies

Swift & Objective C (CocoaPods)

  • Cocoapods 1.10.x

  • Cocoapods 1.11.x

  • Cocoapods 1.12.x

  • Swift 5.7.x

  • Swift 5.3.x, 5.9.x, 6.0.x

  • Swift 5.3.x, 5.5.x, 5.9.x, 6.0.x

X

N/A

cocoapods.resolveDependencies

Package Managers Resolved by the Unified Agent

Note: The package managers in this table are resolved using the Unified Agent, which is wrapped within the Mend CLI.

Language (Package Manager)

Package Manager Versions

Language
Versions

Reachability Supported

Exclusion
CLI Env Var

Repo Integration Parameter

HTML

N/A

N/A

X

N/A

html.resolveDependencies

JavaScript (Bower)

Bower 1.8.x

Node.js 18.x

X

N/A

N/A

JavaScript (pnpm)

  • pnpm 6.x, 7.x, 8.x, 9.x, 10.x

  • pnpm 8.x, 9.x, 10.x

  • Node.js 18.x

  • Node.js 20.x, 22.x, 24.x

✔️

N/A

npm.resolveDependencies

Python (pipenv)

2020.11.x, 2021.5.x, 2022.1.x, 2023.6.x, 2023.7.x

Python 3.x

✔️

N/A

python.resolveDependencies

Python (Poetry)

poetry 1.1.x, 1.2.x, 1.3.x, 1.4.x, 1.8.x, 2.x

Python 3.x

✔️

N/A

python.resolveDependencies

R (Packrat)

packrat 0.6.x

R 3.3.x, 4.1.x, 4.2.x

X

N/A

r.resolveDependencies

Python (Conda)

2023.x, 2024.x

Python 3.x

X

N/A

N/A

Additional Languages and Package Managers

Note: All the languages and package managers listed below are resolved by the Unified Agent. Reachability is not supported for them and they cannot be excluded from the scan.

  • Bazel

  • C#/.NET (Paket)

  • Elixir/Erlang (Hex)

  • Go

    • Dep

    • Godep

    • Vndr

    • Gogradle

    • Govendor

    • Gopm

    • Glide

  • Haskell (Cabal)

  • Java (Ant)

  • JavaScript (Lerna)

  • OCaml

  • Rust (Cargo)

Mend Reachability - tested environments

The following operating systems were tested for scanning dependencies for reachability with Mend CLI.

OS

Version

MacOS

12

Ubuntu

22.04

Windows Server

2022