📦

Code Risk Language and Framework Support

This page will be deprecated when all other pages in code risk are completed

Rules Methodology
Arnica's scanners leverage a combination of open source libraries and Arnica's internally maintained Global Rules.  

This rules framework combines the growth engine of open source contribution and the scan quality of a managed service, resulting in expansive coverage with quality scanning results. 

Arnica also allows organizations to define custom rules for SAST and Secret scanning, allowing for customized coverage and detection of org specific code or tokens. 
Full Language and Framework Support 
The following languages and frameworks are supported out of the box within Arnica.
Language/Framework
SAST
SCA/License
Reputation
IaC
.Net
C# is GA
packages.lock.json, packages.config, .deps.json
NuGet
N/A
Azure Resource Manager (ARM)
N/A
N/A
N/A
GA
Bash
Experimental
N/A
N/A
N/A
C
GA
conan.lock
-
N/A
C++
GA
conan.lock
-
N/A
Clojure
Experimental
-
-
N/A
CloudFormation
N/A
N/A
N/A
GA, including AWS SAM
Dart
Experimental
-
-
N/A
Docker
N/A
N/A
N/A
GA
L
Experimental
mix.lock
-
N/A
Go
GA
go.mod
Go
N/A
Helm Charts
N/A
N/A
N/A
GA
HTML
Experimental
N/A
N/A
N/A
Java
GA
Files: JAR, WAR, EAR. Packages: pom.xml, gradle.lockfile
Maven
N/A
JavaScript (including JSX, TSX, TypeScript)
GA
package-lock.json, yarn.lock, pnpm-lock.yaml
NPM
N/A
Jsonnet
Experimental
-
-
N/A
Julia
Experimental
-
-
N/A
Kotlin
Beta
-
-
N/A
Kubernetes
N/A
N/A
N/A
GA
Lisp
Experimental
-
-
N/A
Lua
Experimental
-
-
N/A
OCaml
Experimental
-
-
N/A
PHP
GA
composer.lock
-
N/A
Python
GA
Pipfile.lock, poetry.lock, requirements.txt
PyPi
N/A
R
Experimental
-
-
N/A
Ruby
GA
Gemfile.lock
-
N/A
Rust
Beta
Cargo.lock
Cargo
N/A
Scala
GA
Same as Java
-
N/A
Scheme
Experimental
-
-
N/A
Serverless Framework
N/A
N/A
N/A
GA
Solidity
Experimental
-
-
N/A
Swift
Experimental
-
-
N/A
Terraform
N/A
N/A
N/A
GA: AWS, GCP, Azure and OCI
*Scanning coverage is subject to change base on your tenants tier. 
​

Language/Framework	SAST	SCA/License	Reputation	IaC
.Net	C# is GA	packages.lock.json, packages.config, .deps.json	NuGet	N/A
Azure Resource Manager (ARM)	N/A	N/A	N/A	GA
Bash	Experimental	N/A	N/A	N/A
C	GA	conan.lock	-	N/A
C++	GA	conan.lock	-	N/A
Clojure	Experimental	-	-	N/A
CloudFormation	N/A	N/A	N/A	GA, including AWS SAM
Dart	Experimental	-	-	N/A
Docker	N/A	N/A	N/A	GA
L	Experimental	mix.lock	-	N/A
Go	GA	go.mod	Go	N/A
Helm Charts	N/A	N/A	N/A	GA
HTML	Experimental	N/A	N/A	N/A
Java	GA	Files: JAR, WAR, EAR. Packages: pom.xml, gradle.lockfile	Maven	N/A
JavaScript (including JSX, TSX, TypeScript)	GA	package-lock.json, yarn.lock, pnpm-lock.yaml	NPM	N/A
Jsonnet	Experimental	-	-	N/A
Julia	Experimental	-	-	N/A
Kotlin	Beta	-	-	N/A
Kubernetes	N/A	N/A	N/A	GA
Lisp	Experimental	-	-	N/A
Lua	Experimental	-	-	N/A
OCaml	Experimental	-	-	N/A
PHP	GA	composer.lock	-	N/A
Python	GA	Pipfile.lock, poetry.lock, requirements.txt	PyPi	N/A
R	Experimental	-	-	N/A
Ruby	GA	Gemfile.lock	-	N/A
Rust	Beta	Cargo.lock	Cargo	N/A
Scala	GA	Same as Java	-	N/A
Scheme	Experimental	-	-	N/A
Serverless Framework	N/A	N/A	N/A	GA
Solidity	Experimental	-	-	N/A
Swift	Experimental	-	-	N/A
Terraform	N/A	N/A	N/A	GA: AWS, GCP, Azure and OCI

Code Risks - Previous

Code Risk Magic Links

Next - Platform Operations

Joining an Existing Org

Last modified 2mo ago