Software Packages
| Programming Language | Package | SCA Source code scanning | SCA Binary scanning |
|---|---|---|---|
| Go | Go | ✅ | ✅ |
| PHP | PHP | ✅ | |
| Java | Maven | ✅ | ✅ jar, war, ear, nupkg, sar, har, hpi, cpa, jpi, all archive types |
| Java | Gradle | ✅ | ✅ jar, war, ear, nupkg, sar, har, hpi, cpa, jpi, all archive types |
| Java | Ivy | ✅ jar, war, ear, nupkg, sar, har, hpi, cpa, jpi, all archive types | |
| Scala | SBT | ✅ jar, war, ear, nupkg, sar, har, hpi, cpa, jpi, all archive types | |
| JavaScript | npm | ✅ | ✅ |
| JavaScript | Bower | ✅ | |
| JavaScript | pnpm | ✅ | |
| JavaScript | YARN | ✅ | |
| .NET | NuGet | ✅ | ✅ nupkg, all archive types |
| Python | PyPI | ✅ | ✅ whl, egg, all archive types |
| Python | Conda | ✅ | |
| Ruby | RubyGems | ✅ | |
| Objective-C | CocoaPods | ✅ | ✅ podspec |
| C/C++ | Conan | ✅ | ✅ conanmanifest.txt |
| Rust | Cargo | ✅ crate | |
| R | CRAN | ✅ All archive types | |
| Swift | SwiftPM | ✅ |
OS Packages
| Package | SCA Source code scanning | SCA Binary scanning |
|---|---|---|
| Debian | N/A | ✅ |
| RPM | N/A | ✅ |
| Alpine | N/A | ✅ |
Containers
| Package | SCA Source code scanning | SCA Binary scanning |
|---|---|---|
| Docker | ✅ | |
| OCI | ✅ | |
| Chainguard Images | ✅ |
ML Models
| Package | SCA Source code scanning | SCA Binary scanning |
|---|---|---|
| Hugging Face ML | N/A | ✅ |
| Machine Learning Model | N/A | ✅ Xray Identifies ML Model binaries in Generic repositories and inside Docker containers |
Others
| Package | SCA Source code scanning | SCA Binary scanning |
|---|---|---|
| CycloneDX SBOM | ✅ | ✅ cdx.json, cdx.xml |
| Terraform | ✅ Terraform Module, Terraform Plan | ✅ Terraform State |
Archive Support in Generic Artifactory Repository
| Type | SCA Source code scanning | SCA Binary scanning |
|---|---|---|
| Supported Archive Types | N/A | 7z, zip, tar, vmdk, ova, cpio, iso, rar, aar |
| Supported Compression Types | N/A | gz, xz, bz2, zstd, lzma |
Notes:
- Operational risk is supported for Maven and NPM