# Code Risk Language and Framework Support ## Rules Methodology *** Arnica's scanners leverage a combination of open source libraries and Arnica's internally maintained Global Rules.\ \ This rules framework combines the growth engine of open source contribution and the scan quality of a managed service, resulting in expansive coverage with quality scanning results.\ \ Arnica also allows organizations to define custom rules for SAST and Secret scanning, allowing for customized coverage and detection of org specific code or tokens. *** ## Full Language and Framework Support The following languages and frameworks are supported out of the box within Arnica.

Language/Framework	SAST	SCA/License	Reputation	IaC
.Net	C# is GA	packages.lock.json, packages.config, .deps.json	NuGet	N/A
Azure Resource Manager (ARM)	N/A	N/A	N/A	GA
Bash	Experimental	N/A	N/A	N/A
C	GA	conan.lock	-	N/A
C++	GA	conan.lock	-	N/A
Clojure	Experimental	-	-	N/A
CloudFormation	N/A	N/A	N/A	GA, including AWS SAM
Dart	Experimental	-	-	N/A
Docker	N/A	N/A	N/A	GA
L	Experimental	mix.lock	-	N/A
Go	GA	go.mod	Go	N/A
Helm Charts	N/A	N/A	N/A	GA
HTML	Experimental	N/A	N/A	N/A
Java	GA	Files: JAR, WAR, EAR. Packages: pom.xml, gradle.lockfile	Maven	N/A
JavaScript (including JSX, TSX, TypeScript)	GA	package-lock.json, yarn.lock, pnpm-lock.yaml	NPM	N/A
Jsonnet	Experimental	-	-	N/A
Julia	Experimental	-	-	N/A
Kotlin	Beta	-	-	N/A
Kubernetes	N/A	N/A	N/A	GA
Lisp	Experimental	-	-	N/A
Lua	Experimental	-	-	N/A
OCaml	Experimental	-	-	N/A
PHP	GA	composer.lock	-	N/A
Python	GA	Pipfile.lock, poetry.lock, requirements.txt	PyPi	N/A
R	Experimental	-	-	N/A
Ruby	GA	Gemfile.lock	-	N/A
Rust	Beta	Cargo.lock	Cargo	N/A
Scala	GA	Same as Java	-	N/A
Scheme	Experimental	-	-	N/A
Serverless Framework	N/A	N/A	N/A	GA
Solidity	Experimental	-	-	N/A
Swift	Experimental	-	-	N/A
Terraform	N/A	N/A	N/A	GA: AWS, GCP, Azure and OCI

\*Scanning coverage is subject to change base on your tenants tier.