Arnica Documentation
Code Risk Language and Framework Support

This page will be deprecated once all other Code Risks pages are completed.

Rules Methodology


Arnica's scanners combine open source libraries with Arnica's internally maintained Global Rules. This rules framework pairs the growth engine of open source contribution with the scan quality of a managed service, resulting in expansive coverage with quality scanning results. Arnica also lets organizations define custom rules for SAST and secret scanning, providing customized coverage and detection of org-specific code or tokens.


Full Language and Framework Support

The following languages and frameworks are supported out of the box within Arnica.

| Language/Framework | SAST | SCA/License | Reputation | IaC |
|---|---|---|---|---|
| .Net | C# is GA | packages.lock.json, packages.config, .deps.json | NuGet | N/A |
| Azure Resource Manager (ARM) | N/A | N/A | N/A | GA |
| Bash | Experimental | N/A | N/A | N/A |
| C | GA | conan.lock | - | N/A |
| C++ | GA | conan.lock | - | N/A |
| Clojure | Experimental | - | - | N/A |
| CloudFormation | N/A | N/A | N/A | GA, including AWS SAM |
| Dart | Experimental | - | - | N/A |
| Docker | N/A | N/A | N/A | GA |
| Elixir | Experimental | mix.lock | - | N/A |
| Go | GA | go.mod | Go | N/A |
| Helm Charts | N/A | N/A | N/A | GA |
| HTML | Experimental | N/A | N/A | N/A |
| Java | GA | Files: JAR, WAR, EAR. Packages: pom.xml, gradle.lockfile | Maven | N/A |
| JavaScript (including JSX, TSX, TypeScript) | GA | package-lock.json, yarn.lock, pnpm-lock.yaml | NPM | N/A |
| Jsonnet | Experimental | - | - | N/A |
| Julia | Experimental | - | - | N/A |
| Kotlin | Beta | - | - | N/A |
| Kubernetes | N/A | N/A | N/A | GA |
| Lisp | Experimental | - | - | N/A |
| Lua | Experimental | - | - | N/A |
| OCaml | Experimental | - | - | N/A |
| PHP | GA | composer.lock | - | N/A |
| Python | GA | Pipfile.lock, poetry.lock, requirements.txt | PyPi | N/A |
| R | Experimental | - | - | N/A |
| Ruby | GA | Gemfile.lock | - | N/A |
| Rust | Beta | Cargo.lock | Cargo | N/A |
| Scala | GA | Same as Java | - | N/A |
| Scheme | Experimental | - | - | N/A |
| Serverless Framework | N/A | N/A | N/A | GA |
| Solidity | Experimental | - | - | N/A |
| Swift | Experimental | - | - | N/A |
| Terraform | N/A | N/A | N/A | GA: AWS, GCP, Azure and OCI |

*Scanning coverage is subject to change based on your tenant's tier.


Last updated 1 year ago
