Black Duck® SCA uses multiple open source discovery technologies to determine which dependencies are included in an application. This includes the ability to scan package managers, source code, binaries and artifacts, container images, and various file types. The result is a complete and accurate open source inventory and Software Bill of Materials (SBOM).
This page lists many of the most popular languages, package managers, and files supported by Black Duck SCA. For more information, and for details on additional support provided by our multiple scanning technologies, visit our documentation page
For information on Black Duck integrations, visit our development and DevOps tool integrations page.
• Rust
• C
• C++
• Clojure
• Objective-C
• Python
• Perl
• R
• Dart
• Golang
• Groovy
• Erlang
• Java
• JavaScript
• Kotlin
• Node.js
• .NET Cloud
• C#
• PHP
• Ruby
• Scala
• Swift
• Bazel
• BitBake
• Conan
• Conda
• CocoaPods
• Cpanm
• Composer
• Go
• Gradle
• Hex
• Lerna
• Maven
• npm
• NuGeT
• Pear
• Pip
• pnpm
• Packrat
• RubyGems
• sbt
• Swift
• Yarn
• Godep
• Dep
• Clang (C/C++)
• GoLang
• Yocto
• Native binaries
• Java binaries
• .NET binaries
• Go binaries
• Gzip (.gz)
• bzip2 (.bz2)
• LZMA (.lz)
• Compress (.Z)
• XZ (.xz)
• Pack200 (.jar)
• UPX (.exe)
• Snappy
• DEFLATE
• ZIP (.zip, .jar, .apk, etc.)
• 7-Zip (.7z)
• ARJ (.arj)
• TAR (.tar)
• cpio (.cpio)
• RAR (.rar)
• Electon archive (.asar)
• DUMP
• Red Hat RPM (.rpm)
• Debian package (.deb)
• Mac installers (.dmg, .pkg)
• Unix shell file installers (.sh, .bin)
• Windows installers (.exe, .msi, .cab)