Can Ketryx scan for dependencies outside of the built-in dependency scanner languages?

Lee Chickering

Yes! Ketryx can support C#, C++, R, and other languages not covered by the built-in dependency scanner by using our SPDX functionality.

Ketryx can scan SPDX files reported to it via the Build API to extract information about software packages, including version, license, and advisory information (introduced in SPDX version 2.3), and to check direct and indirect (transitive) dependencies for vulnerabilities. Ketryx parses the SPDX file and creates the corresponding dependencies as defined in it.

Ketryx supports SPDX files in JSON format that follow version 2.2 or 2.3 of the SPDX specification. Such SPDX files can be generated with a variety of tools (see documentation).

  • C# - Both Snyk and FOSSA can scan for C# dependencies.
  • C/C++ - Supported by FOSSA.
  • R - It is unclear which scanners, if any, support R.

A full list of languages supported by Snyk and other scanning tools can be found on their websites.
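To check what an SPDX JSON file actually carries before reporting it, the following Python script reads the fields described above (version, license, 2.3-style security advisory references, and direct versus transitive dependencies). It is an added example, not Ketryx code or its parser; the sample document, package names, advisory URL and the `summarize` function are constructed for illustration, and it assumes dependency edges are expressed as `DEPENDS_ON` or `DEPENDENCY_OF` relationships.

```python
import json
from collections import deque

SUPPORTED = {"SPDX-2.2", "SPDX-2.3"}  # versions the article lists as accepted

# Constructed sample SBOM (hypothetical packages, not real scanner output).
SAMPLE = json.loads("""
{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "demo",
 "packages": [
  {"SPDXID": "SPDXRef-app", "name": "demo-app", "versionInfo": "1.0.0"},
  {"SPDXID": "SPDXRef-foo", "name": "libfoo", "versionInfo": "1.2.0",
   "licenseConcluded": "MIT", "externalRefs": [
    {"referenceCategory": "SECURITY", "referenceType": "advisory",
     "referenceLocator": "https://example.invalid/advisories/EXAMPLE-0001"}]},
  {"SPDXID": "SPDXRef-bar", "name": "libbar", "versionInfo": "0.9.1", "licenseConcluded": "Apache-2.0"}],
 "relationships": [
  {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-app"},
  {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-foo"},
  {"spdxElementId": "SPDXRef-bar", "relationshipType": "DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-foo"}]}
""")

def summarize(doc):
    """Return {package name: version, license, scope, advisories} per dependency."""
    if doc.get("spdxVersion") not in SUPPORTED:
        raise ValueError(f"unsupported spdxVersion: {doc.get('spdxVersion')!r}")
    pkgs = {p["SPDXID"]: p for p in doc.get("packages", [])}
    roots, edges = set(doc.get("documentDescribes", [])), {}
    for r in doc.get("relationships", []):
        a, kind, b = r["spdxElementId"], r["relationshipType"], r["relatedSpdxElement"]
        if kind == "DESCRIBES":
            roots.add(b)
        elif kind == "DEPENDS_ON":        # a depends on b
            edges.setdefault(a, []).append(b)
        elif kind == "DEPENDENCY_OF":     # a is a dependency of b
            edges.setdefault(b, []).append(a)
    depth, queue = {r: 0 for r in roots}, deque(roots)
    while queue:                          # breadth-first: depth 1 = direct
        cur = queue.popleft()
        for dep in edges.get(cur, []):
            if dep not in depth:
                depth[dep] = depth[cur] + 1
                queue.append(dep)
    return {pkgs[s]["name"]: {
                "version": pkgs[s].get("versionInfo"),
                "license": pkgs[s].get("licenseConcluded", "NOASSERTION"),
                "scope": "direct" if d == 1 else "transitive",
                "advisories": [e["referenceLocator"] for e in pkgs[s].get("externalRefs", [])
                               if (e.get("referenceCategory"), e.get("referenceType")) == ("SECURITY", "advisory")]}
            for s, d in depth.items() if d > 0 and s in pkgs}
```

A package that no relationship links to the described root is left out of the result, which is worth checking when a scanner's SPDX export lists packages without dependency relationships.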
