View your SCA Reachability Results in the Legacy SCA Application UI

Overview

Viewing results in the Legacy SCA UI

In the Legacy SCA application’s user interface, reachable vulnerabilities will be denoted by a RED shield while unreachable vulnerabilities will be denoted by a GREEN shield. This behavior will remain consistent for Reachability results coming from both Mend CLI scans and GitHub repo integration scans.

The Reachability data is available in the Security Alerts: View By Vulnerability report.

Reference

Mend SCA Reachability - supported languages

The Reachability Supported column in the table below indicates which languages and package managers are Reachability-supported.

Language (Package Manager)	Package Manager Versions	Language Versions	Reachability Supported	Exclusion CLI Env Var	Repo Integration Parameter
C/C++ (Conan)	Conan 2.12+		✔️	MEND_SCA_CONAN_RESOLVEDEPENDENCIES	conan.resolveDependencies
C# (.NET)	N/A	.NET 5.0.x, 6.0.x, 7.0.x, 8.0.x, 9.0.x, 10.0.x	✔️	MEND_SCA_NUGET_CSPROJ_RESOLVEDEPENDENCIES / WS_NUGET_RESOLVEDEPENDENCIES	nuget.resolveDependencies
C# (.NET Framework)	N/A	.NET 4.8	X	MEND_SCA_NUGET_CSPROJ_RESOLVEDEPENDENCIES / WS_NUGET_RESOLVEDEPENDENCIES	nuget.resolveDependencies
Go	Modules	Golang 1.14.x, 1.15.x, 1.16.x, 1.17.x, 1.18.x, 1.19.x, 1.20.x, 1.21.x, 1.22.x, 1.23.x	X	MEND_SCA_GO_RESOLVEDEPENDENCIES / WS_GO_MODULES_RESOLVEDEPENDENCIES	go.modules.resolveDependencies
Java (Maven)	Maven 3.2.5, 3.3.x, 3.5.x, 3.6.x, 3.8.x, 3.9.x	Java 8.x, 11.x, 17.x, 21.x	✔️	MEND_SCA_MAVEN_RESOLVEDEPENDENCIES / WS_MAVEN_RESOLVEDEPENDENCIES	maven.resolveDependencies
Java (Gradle)	Gradle 6.x, 7.x, 8.x Gradle 9.x	Java 8.x, 11.x, 17.x, 21.x Java 17.x, 21.x	✔️	MEND_SCA_GRADLE_RESOLVEDEPENDENCIES / WS_GRADLE_RESOLVEDEPENDENCIES	gradle.resolveDependencies
Java (sbt)	SBT 1.8	Java 8.x, 11.x, 17.x, 21.x	X	MEND_SCA_SBT_RESOLVEDEPENDENCIES /WS_SBT_RESOLVEDEPENDENCIES	sbt.resolveDependencies
JavaScript (Bower)	Bower 1.8.x	Node.js 18.x	X	N/A	bower.resolveDependencies
JavaScript (npm)	npm 6.x, 7.x, 8.x, 9.x, 10.x, 11.x npm 8.x, 9.x, 10.x, 11.x	Node.js 18.x Node.js 20.x, 22.x, 24.x	✔️	MEND_SCA_NPM_RESOLVEDEPENDENCIES / WS_NPM_RESOLVEDEPENDENCIES	npm.resolveDependencies
JavaScript (Yarn)	yarn 1.x yarn 2.x, 3.x yarn 4.x	Node.js 16.x, 18.x, 20.x Node.js 16.x, 18.x, 20.x, 22.x, 24.x Node.js 16.x, 18.x, 20.x, 22.x, 24.x	✔️	MEND_SCA_YARN_RESOLVEDEPENDENCIES / WS_NPM_RESOLVEDEPENDENCIES	npm.resolveDependencies
PHP (Composer)	composer 2.2.x, 2.3.x, 2.4.x, 2.5.x, 2.6.x	PHP 7.x, 8.x	X	MEND_SCA_PHP_RESOLVEDEPENDENCIES / WS_PHP_RESOLVEDEPENDENCIES	php.resolveDependencies
Python (conda)	2023.x, 2024.x	Python 3.x	✔️	N/A	conda.resolveDependencies
Python (pip)	pip 20.x, 21.x, 22.x, 23.x	Python 3.x	✔️	MEND_SCA_PIP_RESOLVEDEPENDENCIES / WS_PYTHON_RESOLVEDEPENDENCIES	python.resolveDependencies
Python (uv)	All versions *Versions older than 0.4.3.0 are not supported in repository integrations	Python 3.x	✔️	MEND_SCA_UV_RESOLVEDEPENDENCIES	uv.resolveDependencies
Ruby (Bundler)	Bundler 2.2.x, 2.3.x, 2.4.x	Ruby 2.x, 3.x	X	MEND_SCA_RUBY_RESOLVEDEPENDENCIES / WS_RUBY_RESOLVEDEPENDENCIES	ruby.resolveDependencies
Scala (sbt)	SBT 1.4.x, 1.5.x, 1.7.x, 1.8.x, 1.9.x, 1.10.x	Scala 2.13.x, 3.3.x, 3.5.x	X	MEND_SCA_SBT_RESOLVEDEPENDENCIES /WS_SBT_RESOLVEDEPENDENCIES	sbt.resolveDependencies
Swift (SwiftPM)	SwiftPM 5.8.x, 5.9.x, 6.0.x	N/A	X	MEND_SCA_SWIFT_RESOLVEDEPENDENCIES /WS_SWIFT_RESOLVEDEPENDENCIES	swift.resolveDependencies
Swift & Objective C (CocoaPods)	Cocoapods 1.10.x Cocoapods 1.11.x Cocoapods 1.12.x	Swift 5.7.x Swift 5.3.x, 5.9.x, 6.0.x Swift 5.3.x, 5.5.x, 5.9.x, 6.0.x	X	N/A	cocoapods.resolveDependencies

Package Managers Resolved by the Unified Agent

Note: The package managers in this table are resolved using the Unified Agent, which is wrapped within the Mend CLI.

Language (Package Manager)	Package Manager Versions	Language Versions	Reachability Supported	Exclusion CLI Env Var	Repo Integration Parameter
HTML	N/A	N/A	X	N/A	html.resolveDependencies
JavaScript (Bower)	Bower 1.8.x	Node.js 18.x	X	N/A	N/A
JavaScript (pnpm)	pnpm 6.x, 7.x, 8.x, 9.x, 10.x pnpm 8.x, 9.x, 10.x	Node.js 18.x Node.js 20.x, 22.x, 24.x	✔️	N/A	npm.resolveDependencies
Python (pipenv)	2020.11.x, 2021.5.x, 2022.1.x, 2023.6.x, 2023.7.x	Python 3.x	✔️	N/A	python.resolveDependencies
Python (Poetry)	poetry 1.1.x, 1.2.x, 1.3.x, 1.4.x, 1.8.x, 2.x	Python 3.x	✔️	N/A	python.resolveDependencies
R (Packrat)	packrat 0.6.x	R 3.3.x, 4.1.x, 4.2.x	X	N/A	r.resolveDependencies
Python (Conda)	2023.x, 2024.x	Python 3.x	X	N/A	N/A

Additional Languages and Package Managers

Note: All the languages and package managers listed below are resolved by the Unified Agent. Reachability is not supported for them and they cannot be excluded from the scan.

Bazel
C#/.NET (Paket)
Elixir/Erlang (Hex)
Go
- Dep
- Godep
- Vndr
- Gogradle
- Govendor
- Gopm
- Glide
Haskell (Cabal)
Java (Ant)
JavaScript (Lerna)
OCaml
Rust (Cargo)

Mend Reachability - tested environments

The following operating systems were tested for scanning dependencies for reachability with Mend CLI.

OS	Version
MacOS	12
Ubuntu	22.04
Windows Server	2022

[data-colorid=mx3zrijbau]{color:#bf2600} html[data-color-mode=dark] [data-colorid=mx3zrijbau]{color:#ff6640}[data-colorid=rtrdk9t0xh]{color:#006644} html[data-color-mode=dark] [data-colorid=rtrdk9t0xh]{color:#99ffdd}Overview