SCA Scanning

Supported Languages and Files

16min

SOOS SCA supports a wide range of package managers, manifest formats, and file types. We cover the most popular package managers for each language.

SOOS SCA primarily relies on manifest files, however cryptographic identification and verification is supported for some languages.

If you don’t see your language, package manager, or manifest format, feel free to reach out at Support at SOOS. We're constantly expanding our support and will either add your request to our roadmap or let you know when to expect it.

.NET (C#, VB) - NuGet

  • Manifest Files
    • packages.lock.json (lock file)
    • paket.lock (lock file)
    • packages.config
    • csproj
    • vbproj
    • project.assets.json
    • paket.dependencies
  • Crytographic Identification
    • *.nuget

.NET (C#) - Unity

  • manifest.json
  • packages-lock.json (lock file)
  • C/C++ - Conan
    • conanfile.py
    • conanfile.txt
    • conan.lock (lock file)

Dart (Flutter) - Dart PM (Pub Package Manager)

  • pubspec.yaml
  • pubspec.lock (lock file)

Elixir - Mix

  • mix.exs
  • mix.lock (lock file)

Erlang - Rebar3

  • rebar.config
  • rebar.lock (lock file)

Go (GoLang) - Go Modules

  • go.mod

Homebrew. - Various languages

  • brewfile
  • brewfile.lock.json

Java - Gradle & Maven

  • Manifest Files
    • pom.xml
    • .pom
    • build.gradle**
    • gradle.lockfile
  • Cryptographic Identification
    • *.jar

Kotlin - Gradle

  • gradle.lockfile
  • build.gradle.kts

Manifest formats build.gradle and build.gradle.kts do not support version variables or substitutions. If you are using either of these, consider using a lock file, see Lock vs Non-Lock Manifests for more details.

Node - npm, Yarn, and pnpm

  • package.lock.json (lock file)
  • package.json
  • pnpm-lock.yaml (lock file)
  • yarn.lock (lock file)

PHP - Composer

  • composer.json

Python - PyPI

  • pipfile.lock (lock file)
  • poetry.lock (lockfile)
  • pdm.lock (lockfile)
  • pipfile
  • pyproject.toml (Poetry & PDM)
  • .*req.*\\.txt

Ruby - Ruby Gems

  • gemfile.lock (lock file)
  • gemfile

Rust - Cargo

  • cargo.toml
  • cargo.lock (lock file)

Swift - SwiftPM

  • Package.swift
  • Package.resolved (lock file)



Updated 25 Feb 2025
Doc contributor
Did this page help you?
PREVIOUS
Getting Started with SOOS SCA
NEXT
C-Family Scanning (C, C++, & Objective C)
Docs powered by Archbee