
SCA Reachability - Technical Requirements & Limitations

Note: You can scan a multi-language project with no additional configuration.

Supported Scanners and Integrations

Mend CLI

Environments

SCA Reachability is also supported in self-contained mode.

The following operating systems were tested for Reachability analysis with the Mend CLI:

| OS | Version |
|---|---|
| macOS | 12 |
| Ubuntu | 22.04 |
| Windows Server | 2022 |

Classic Repo Integrations

Environments

  • Supported repository integrations: GitHub.com, GitHub Enterprise, GitLab (starting from 25.10.1.2).

  • enableReachability configuration flag set to true in the scanSettings portion of the .whitesource file.

Limitations

  • Regular scan completes without partial results errors.

Developer Platform

Configure SCA Reachability for Mend Developer Platform

Language Support

Java

Environments

  • Java source files (up to JDK 17) with supported extension (.java).

  • Maven and Gradle build projects.

Improvements

  • Out-of-the-box support for multi-module projects, no need to run additional tools (e.g. xModuleAnalyzer).

  • No need to compile project to generate byte code, only sources directory and full dependency resolution are required.

  • Reflection support for java.util.ServiceLoader.

Limitations

  • The following dependency scopes are not analyzed:

    • provided

    • test

  • Reflection support is limited to the following types:

    • java.util.ServiceLoader

  • Dependency Injection support is limited to the following types:

    • org.springframework.beans.factory.annotation.Autowired

    • com.google.inject.Inject

    • javax.inject.Inject
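To see which declared Maven dependencies fall under the scope limitation above, the following added example (not Mend code and not part of the original page) lists a pom.xml's direct dependencies whose scope is provided or test, including a scope inherited from dependencyManagement. The sample POM, the org.example coordinates and the function names are constructed for illustration; parent POMs and imported BOMs are not resolved, and managed entries are matched on groupId:artifactId only.

```python
import xml.etree.ElementTree as ET

NOT_ANALYZED = {"provided", "test"}  # scopes the page lists as not analyzed

# Constructed sample POM; the org.example coordinates are placeholders.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencyManagement><dependencies>
    <dependency><groupId>org.example</groupId><artifactId>mock-kit</artifactId>
      <version>1.0</version><scope>test</scope></dependency>
  </dependencies></dependencyManagement>
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>web-api</artifactId>
      <version>4.0</version><scope>provided</scope></dependency>
    <dependency><groupId>org.example</groupId><artifactId>mock-kit</artifactId></dependency>
    <dependency><groupId>org.example</groupId><artifactId>json-core</artifactId>
      <version>2.1</version></dependency>
  </dependencies>
</project>"""

def _local(tag):
    """Drop the XML namespace so POMs with or without xmlns are handled alike."""
    return tag.rsplit("}", 1)[-1]

def _deps(parent):
    """Yield (groupId:artifactId, declared scope or None) under parent/<dependencies>."""
    for block in parent:
        if _local(block.tag) != "dependencies":
            continue
        for dep in block:
            f = {_local(c.tag): (c.text or "").strip() for c in dep}
            yield f"{f.get('groupId')}:{f.get('artifactId')}", f.get("scope") or None

def unanalyzed_dependencies(pom_xml):
    """Return direct dependencies whose effective scope is provided or test."""
    root = ET.fromstring(pom_xml)
    # A scope set in <dependencyManagement> applies when the dependency omits one.
    managed = {c: s for ch in root if _local(ch.tag) == "dependencyManagement"
               for c, s in _deps(ch) if s}
    result = []
    for coord, scope in _deps(root):
        effective = scope or managed.get(coord) or "compile"  # Maven's default scope
        if effective in NOT_ANALYZED:
            result.append((coord, effective))
    return result

if __name__ == "__main__":
    for coord, scope in unanalyzed_dependencies(SAMPLE_POM):
        print(f"{coord}: scope '{scope}' is not covered by Reachability")
```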

JavaScript

Requirements

  • JavaScript/TypeScript source files with supported extensions (.js, .ts, .jsx, .tsx).

  • Successfully built NPM and Yarn projects (using the 'npm install' / 'yarn install' command).

Improvements

  • The user’s package.json file does not need to contain a “main” entry file path to a valid index.js file anymore, as was the case in the previous version of Prioritize.

Limitations

  • Reflection is not yet supported for JavaScript Reachability.

Python

Requirements

  • Python source files with the supported extension (.py).

  • A successfully built project using one of the supported package managers.

Limitations

  • Conda projects are not supported.

  • Poetry projects are only supported in the GitHub repo integrations from v24.10.3.

.NET

Environments:

  • C# source files with supported extension (.cs).

  • NuGet projects are supported.

Limitations:

  • DLL binaries detected with file system scans are not supported.

Conan

Requirements

Reachability requires the dependency source files of package_type: "static-library" to be available during the analysis.
It is recommended to have them cached in the CLI pipeline prior to the Reachability scan. The CLI will attempt to download un-cached source files, resulting in potentially longer scan times and higher hardware resource utilization.

Environments:

  • C and C++ source files with supported extensions (.c, .h, .cpp)

Limitations:

  • Sources of each Conan package must be available for download, in both public and private repositories.

Supported Languages Table

| Language (Package Manager) | Package Manager Versions | Language Versions | Reachability Supported | Exclusion CLI Env Var | Repo Integration Parameter |
|---|---|---|---|---|---|
| C/C++ (Conan) | Conan 2.12+ | | ✔️ | MEND_SCA_CONAN_RESOLVEDEPENDENCIES | conan.resolveDependencies |
| C# (.NET) | N/A | .NET 5.0.x, 6.0.x, 7.0.x, 8.0.x, 9.0.x, 10.0.x | ✔️ | MEND_SCA_NUGET_CSPROJ_RESOLVEDEPENDENCIES / WS_NUGET_RESOLVEDEPENDENCIES | nuget.resolveDependencies |
| C# (.NET Framework) | N/A | .NET 4.8 | X | MEND_SCA_NUGET_CSPROJ_RESOLVEDEPENDENCIES / WS_NUGET_RESOLVEDEPENDENCIES | nuget.resolveDependencies |
| Go | Modules | Golang 1.14.x, 1.15.x, 1.16.x, 1.17.x, 1.18.x, 1.19.x, 1.20.x, 1.21.x, 1.22.x, 1.23.x | X | MEND_SCA_GO_RESOLVEDEPENDENCIES / WS_GO_MODULES_RESOLVEDEPENDENCIES | go.modules.resolveDependencies |
| HTML | N/A | N/A | X | N/A | html.resolveDependencies |
| Java (Maven) | Maven 3.2.5, 3.3.x, 3.5.x, 3.6.x, 3.8.x, 3.9.x | Java 8.x, 11.x, 17.x, 21.x | ✔️ | MEND_SCA_MAVEN_RESOLVEDEPENDENCIES / WS_MAVEN_RESOLVEDEPENDENCIES | maven.resolveDependencies |
| Java (Gradle) | Gradle 6.x, 7.x, 8.x; Gradle 9.x | Java 8.x, 11.x, 17.x, 21.x; Java 17.x, 21.x | ✔️ | MEND_SCA_GRADLE_RESOLVEDEPENDENCIES / WS_GRADLE_RESOLVEDEPENDENCIES | gradle.resolveDependencies |
| Java (sbt) | SBT 1.8 | Java 8.x, 11.x, 17.x, 21.x | X | MEND_SCA_SBT_RESOLVEDEPENDENCIES / WS_SBT_RESOLVEDEPENDENCIES | sbt.resolveDependencies |
| JavaScript (Bower) | Bower 1.8.x | Node.js 18.x | X | N/A | bower.resolveDependencies |
| JavaScript (npm) | npm 6.x, 7.x, 8.x, 9.x, 10.x, 11.x; npm 8.x, 9.x, 10.x, 11.x | Node.js 18.x; Node.js 20.x, 22.x, 24.x | ✔️ | MEND_SCA_NPM_RESOLVEDEPENDENCIES / WS_NPM_RESOLVEDEPENDENCIES | npm.resolveDependencies |
| JavaScript (pnpm) | pnpm 6.x, 7.x, 8.x, 9.x, 10.x; pnpm 8.x, 9.x, 10.x | Node.js 18.x; Node.js 20.x, 22.x, 24.x | ✔️ | N/A | npm.resolveDependencies |
| JavaScript (Yarn) | yarn 1.x; yarn 2.x, 3.x; yarn 4.x | Node.js 16.x, 18.x, 20.x; Node.js 16.x, 18.x, 20.x, 22.x, 24.x; Node.js 16.x, 18.x, 20.x, 22.x, 24.x | ✔️ | MEND_SCA_YARN_RESOLVEDEPENDENCIES / WS_NPM_RESOLVEDEPENDENCIES | npm.resolveDependencies |
| PHP (Composer) | composer 2.2.x, 2.3.x, 2.4.x, 2.5.x, 2.6.x | PHP 7.x, 8.x | X | MEND_SCA_PHP_RESOLVEDEPENDENCIES / WS_PHP_RESOLVEDEPENDENCIES | php.resolveDependencies |
| Python (conda) | 2023.x, 2024.x | Python 3.x | ✔️ | N/A | conda.resolveDependencies |
| Python (pip) | pip 20.x, 21.x, 22.x, 23.x | Python 3.x | ✔️ | MEND_SCA_PIP_RESOLVEDEPENDENCIES / WS_PYTHON_RESOLVEDEPENDENCIES | python.resolveDependencies |
| Python (pipenv) | 2020.11.x, 2021.5.x, 2022.1.x, 2023.6.x, 2023.7.x | Python 3.x | ✔️ | N/A | python.resolveDependencies |
| Python (Poetry) | poetry 1.1.x, 1.2.x, 1.3.x, 1.4.x, 1.8.x, 2.x | Python 3.x | ✔️ | N/A | python.resolveDependencies |
| Python (uv) | All versions (*versions older than 0.4.3.0 are not supported in repository integrations) | Python 3.x | ✔️ | MEND_SCA_UV_RESOLVEDEPENDENCIES | uv.resolveDependencies |
| R (Packrat) | packrat 0.6.x | R 3.3.x, 4.1.x, 4.2.x | X | N/A | r.resolveDependencies |
| Ruby (Bundler) | Bundler 2.2.x, 2.3.x, 2.4.x | Ruby 2.x, 3.x | X | MEND_SCA_RUBY_RESOLVEDEPENDENCIES / WS_RUBY_RESOLVEDEPENDENCIES | ruby.resolveDependencies |
| Scala (sbt) | SBT 1.4.x, 1.5.x, 1.7.x, 1.8.x, 1.9.x, 1.10.x | Scala 2.13.x, 3.3.x, 3.5.x | X | MEND_SCA_SBT_RESOLVEDEPENDENCIES / WS_SBT_RESOLVEDEPENDENCIES | sbt.resolveDependencies |
| Swift (SwiftPM) | SwiftPM 5.8.x, 5.9.x, 6.0.x | N/A | X | MEND_SCA_SWIFT_RESOLVEDEPENDENCIES / WS_SWIFT_RESOLVEDEPENDENCIES | swift.resolveDependencies |
| Swift & Objective C (CocoaPods) | Cocoapods 1.10.x; Cocoapods 1.11.x; Cocoapods 1.12.x | Swift 5.7.x; Swift 5.3.x, 5.9.x, 6.0.x; Swift 5.3.x, 5.5.x, 5.9.x, 6.0.x | X | N/A | cocoapods.resolveDependencies |
