Black Duck® SCA uses multiple open source discovery technologies to determine which dependencies are included in an application.

This includes the ability to scan package managers, source code, binaries and artifacts, container images, and various file types. The result is a complete and accurate open source inventory and Software Bill of Materials (SBOM).  

This page lists many of the most popular languages, package managers, and files supported by Black Duck SCA. For more information, and for details on additional support provided by our multiple scanning technologies, visit our documentation page

For information on Black Duck integrations, visit our development and DevOps tool integrations page. 

Languages

•     Rust
•     C
•     C++
•     Clojure
•     Objective-C

•     Python
•     Perl
•     R
•     Dart
•     Golang
•     Groovy

•     Erlang
•     Java
•     JavaScript
•     Kotlin
•     Node.js 

•     .NET Cloud
•     C#
•     PHP
•     Ruby
•     Scala
•     Swift

Package managers

  • Bazel
  • BitBake
  • Cargo
  • Conan
  • Conda
  • CocoaPods
  • Cpanm
  • Composer

 

 

  • Dart
  • Go
  • Gradle
  • Hex
  • Lerna
  • Maven
  • npm
  • NuGeT
  • Opam
  • Pear
  • Pip
  • pnpm
  • Packrat
  • Pipenv
  • RubyGems
  • sbt
  •  Setuptools
  • Swift
  • Yarn
  • Godep
  • Dep
  • Clang (C/C++)
  • GoLang
  • UV
  • Yocto

Binary formats

  • Native binaries
  • Java binaries
  • .NET binaries
  • Go binaries

Compression formats

  • Gzip (.gz)
  • bzip2 (.bz2)
  • LZMA (.lz)
  • Compress (.Z)
  • XZ (.xz)
  • Pack200 (.jar)
  • UPX (.exe)
  • Snappy
  • DEFLATE

Archive formats

  • ZIP (.zip, .jar, .apk, etc.)
  • 7-Zip (.7z)
  • ARJ (.arj)
  • TAR (.tar)
  • cpio (.cpio)
  • RAR (.rar)
  • Electon archive (.asar)
  • DUMP

Installation formats

  • Red Hat RPM (.rpm)
  • Debian package (.deb)
  • Mac installers (.dmg, .pkg)
  • Unix shell file installers (.sh, .bin)
  • Windows installers (.exe, .msi, .cab)