Language and Framework Support
Languages, frameworks, and package ecosystems supported across all DryRun Security scanning capabilities.
DryRun Security supports a broad range of languages, frameworks, and package ecosystems across its scanning capabilities. Coverage varies by scanning mode: PR scanning and DeepScan analyze source code, while SCA analyzes dependency manifests and lock files.
PR Scanning and DeepScan
Both PR scanning and DeepScan support the same set of programming languages and frameworks. The scanner automatically detects the language and framework in use during analysis and tailors its review accordingly.
| Language | Frameworks and Runtimes |
|---|---|
| JavaScript / TypeScript | Node.js, React, Angular, Vue |
| Python | Django, Flask, FastAPI |
| Java | Spring, Jakarta EE |
| Go | |
| Ruby | Rails, Sinatra |
| PHP | Laravel, Symfony |
| C# | .NET |
| Kotlin | |
| Swift | |
| Rust |
SCA: Dependency Ecosystems
Software Composition Analysis (SCA) runs as part of DeepScan and scans package manifests and lock files across all major package ecosystems. Each dependency is checked against known vulnerability databases, matching specific CVEs to affected version ranges.
| Ecosystem | Manifest and Lock Files |
|---|---|
| JavaScript / Node.js | package.json, package-lock.json, yarn.lock |
| Python | requirements.txt, Pipfile, pyproject.toml, poetry.lock |
| Ruby | Gemfile, Gemfile.lock |
| Java / Kotlin | pom.xml, Gradle build files |
| Go | go.mod, go.sum |
| Rust | Cargo.toml, Cargo.lock |
| .NET | *.csproj, packages.config |
Automatic Language Detection
DryRun Security automatically detects languages and frameworks in use during scanning. No manual configuration is required: the scanner profiles the repository structure, file extensions, and framework conventions to tailor its security analysis to your specific stack.
For SCA, the scanner identifies all manifest and lock files present in the repository and checks each dependency against the appropriate vulnerability database for that ecosystem.