Skip to main content
Skip table of contents

SCA Reachability - Technical Requirements & Limitations

Note: You can scan a multi-language project with no additional configuration.

Supported Scanners and Integrations

Mend CLI

Environments

SCA Reachability is also supported in self-contained mode.

The following operating systems were tested for Reachability analysis with the Mend CLI:

OS

Version

MacOS

12

Ubuntu

22.04

Windows Server

2022

Classic Repo Integrations

Environments

  • Supported repository integrations: GitHub.com, GitHub Enterprise, GitLab (starting from 25.10.1.2).

  • enableReachability configuration flag set to true in the scanSettings portion of the .whitesource file.

Limitations

  • Regular scan completes without partial results errors.

Developer Platform

Configure SCA Reachability for Mend Developer Platform

Language Support

Java

Environments

  • Java source files (up to JDK 17) with supported extension (.java).

  • Maven and Gradle build projects.

Improvements

  • Out-of-the-box support for multi-module projects, no need to run additional tools (e.g. xModuleAnalyzer).

  • No need to compile project to generate byte code, only sources directory and full dependency resolution are required.

  • Reflection support for java.util.ServiceLoader.

Limitations

  • The following dependency scopes are not analyzed:

    • provided

    • test

  • Reflection support is limited to the following types:

    • java.util.ServiceLoader

  • Dependency Injection support is limited to the following types:

    • org.springframework.beans.factory.annotation.Autowired

    • com.google.inject.Inject

    • javax.inject.Inject

JavaScript

Requirements

  • JavaScript/TypeScript source files with supported extensions (.js, .ts, .jsx, .tsx).

  • Successfully built NPM and Yarn projects (using the ‘npm install'/'yarn install' command).

Improvements

  • The user’s package.json file does not need to contain a “main” entry file path to a valid index.js file anymore, as was the case in the previous version of Prioritize.

Limitations

  • Reflection is not yet supported for JavaScript Reachability.

Python

Requirements

  • Python source files with the supported extension (.py).

  • A successfully built project using one of the supported package managers.

Limitations

  • Conda projects are not supported

  • Poetry projects are only supported in the GitHub repo integrations from v24.10.3.

.NET

Environments:

  • C# source files with supported extension (.cs).

  • NuGet projects are supported.

Limitations:

  • DLL binaries detected with file system scans are not supported.

Conan

Requirements

Reachability requires the dependency source files of package_type: "static-library" to be available during the analysis.
It is recommended to have them cached in the CLI pipeline prior to the Reachability scan. The CLI will attempt to download un-cached source files, resulting in potentially longer scan times and higher hardware resource utilization.

Environments:

  • C and C++ source files with supported extensions (.c, .h, .cpp)

Limitations:

  • Sources of each Conan package must be available for download, in both public and private repositories.

Supported Languages Table

Language (Package Manager)

Package Manager Versions

Language Versions

Reachability Supported

C# (.NET)

N/A

.NET 5.0.x, 6.0.x, 7.0.x, 8.0.x, 9.0.x

✔️

C/C++ (Conan)

Conan 2.x

✔️

Java (Maven)

Maven 3.2.5, 3.3.x, 3.5.x, 3.6.x, 3.8.x, 3.9.x

Java 8.x, 11.x, 17.x, 21.x

✔️

Java (Gradle)

  • Gradle 6.x, 7.x, 8.x

  • Gradle 9.x

  • Java 8.x, 11.x, 17.x, 21.x

  • Java 17.x, 21.x

✔️

JavaScript (npm)

  • npm 6.x, 7.x, 8.x, 9.x, 10.x, 11.x

  • npm 8.x, 9.x, 10.x, 11.x

  • Node.js 18.x

  • Node.js 20.x, 22.x, 24.x

✔️

JavaScript (pnpm)

  • pnpm 6.x, 7.x, 8.x, 9.x, 10.x

  • pnpm 8.x, 9.x, 10.x

  • Node.js 18.x

  • Node.js 20.x, 22.x, 24.x

✔️

JavaScript (yarn)

  • yarn 1.x

  • yarn 2.x, 3.x

  • yarn 4.x

  • Node.js 16.x, 18.x, 20.x

  • Node.js 16.x, 18.x, 20.x, 22.x, 24.x

  • Node.js 16.x, 18.x, 20.x, 22.x, 24.x

✔️

Python (Conda)

2023.x, 2024.x

Python 3.x

✔️

Python (pip)

pip 20.x, 21.x, 22.x, 23.x

Python 3.x

✔️

Python (pipenv)

2020.11.x, 2021.5.x, 2022.1.x, 2023.6.x, 2023.7.x

Python 3.x

✔️

Python (poetry)

poetry 1.1.x, 1.2.x, 1.3.x, 1.4.x, 1.8.x, 2.x

Python 3.x

✔️

C# (.NET Framework)

N/A

.NET 4.8

X

Golang

Modules

Golang 1.14.x, 1.15.x, 1.16.x, 1.17.x, 1.18.x, 1.19.x, 1.20.x, 1.21.x, 1.22.x, 1.23.x

X

HTML

N/A

N/A

X

Java (SBT)

SBT 1.8

Java 8.x, 11.x, 17.x, 21.x

X

JavaScript (Bower)

Bower 1.8.x

Node.js 18.x

X

PHP (composer)

composer 2.2.x, 2.3.x, 2.4.x, 2.5.x, 2.6.x

PHP 7.x, 8.x

X

R (packrat)

packrat 0.6.x

R 3.3.x, 4.1.x, 4.2.x

X

Ruby (Bundler)

Bundler 2.2.x, 2.3.x, 2.4.x

Ruby 2.x, 3.x

X

Scala (SBT)

SBT 1.4.x, 1.5.x, 1.7.x, 1.8.x, 1.9.x, 1.10.x

Scala 2.13.x, 3.3.x, 3.5.x

X

Swift (SwiftPM)

SwiftPM 5.8.x, 5.9.x, 6.0.x

N/A

X

Swift & Objective C (Cocoapods)

  • Cocoapods 1.10.x

  • Cocoapods 1.11.x

  • Cocoapods 1.12.x

  • Swift 5.7.x

  • Swift 5.3.x, 5.9.x, 6.0.x

  • Swift 5.3.x, 5.5.x, 5.9.x, 6.0.x

X

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close