Languages supported

Flyingduck supports scanning for SBOM, SCA, SAST and Secrets scanning across multiple programming languages.

Language	Package Manager	Lockfile
Python	pypi	requirements.txt
	pipenv	pipfile.lock
	poetry	poetry.lock
Javascript Typescript	npm Supported versions: `lockfile version 1, 2, 3`	package.json, package-lock.json
	Yarn Supported versions: `Yarn 1, Yarn 2, Yarn 3`	package.json, yarn.lock
	pnpm Supported versions: `pnpm 5, pnpm 9`	package.json, pnpm-lock.yaml
Java	Gradle	gradle.lockfile, build.gradle
	Maven	pom.xml
	Kotlin	build.gradle.kts
PHP	Composer	composer.json, composer.lock
C#	Nuget Supported versions: `.NET 6 and above` `.NET Core` `ASP.NET 6.x (C# only)` `Mistral.SDK`	*.csproj
Ruby	Bundler	Gemfile.lock, Gemfile
Rust	Cargo	cargo.lock
Go	go mod	go.mod, go.sum

Currently, you can conduct Static Application Security Testing (SAST) and Secrets scanning for Rust, Go, Scala, Swift, C / C++, JSX, and Terraform. Support for Software Bill of Materials (SBOM) and Software Composition Analysis (SCA) will be available soon.

Supported Version Control Systems Jira