Software Risk Manager Support Information
Software Risk Manager supports the following browsers and configurations.
Supported Platforms
Software Risk Manager APIs are compatible with any operating system and hardware that can connect to the SRM server or APIs via HTTPS.
Browser Support
The SRM web UI can be accessed using any of the supported browsers shown in the following table:
| Browser | Versions | Provider |
|---|---|---|
| Firefox | Latest | Versions supported by Mozilla |
| Google Chrome | Latest | Versions supported by Google |
| Microsoft Edge | Latest | Versions supported by Windows 10 |
| Safari | Latest | Versions supported by Apple |
Scan Farm Supported File Types and Tests
Note: Supported file types and tests apply to integrated Coverity and Black Duck
only.
SAST Language Support
SRM supports the following SAST languages:
| Language | Language Versions | Code Upload (UI) | Git Integration | CI via Black Duck Bridge CLI (CLI) |
|---|---|---|---|---|
| Salesforce Apex | Supported | Supported | Supported | |
| C/C++ | C++23 C++20 C++98 C++03 C++11 C++14 C++17 C89 C99 C11 |
Not Supported | Not Supported | Supported |
| C# | Up to C# 12 | Supported | Supported | Supported |
| Dart | Version Agnostic | Supported | Supported | Supported |
| Go | Go 1.20–1.21 | Not Supported | Not Supported | Supported |
| Java | Up to Java 21 | Supported | Supported | Supported |
| JavaScript | ECMAScript 2023 | Supported | Supported | Supported |
| Kotlin | 1.8.0-1.8.22, 1.9.0 | Not Supported | Not Supported | Supported |
| Objective-C/C++ | Not Supported | Not Supported | Supported | |
| PHP | Version Agnostic | Supported | Supported | Supported |
| Python | Python 3.x–3.11 | Supported | Supported | Supported |
| Ruby | Matz's Reference Impl. (MRI) 1.9.2–3.2 and equivalents (via Breakman pro bundles into analysis kit) | Supported | Supported | Supported |
| Swift | Version Agnostic | Supported | Supported | Supported |
| TypeScript | TypeScript 1.0–5.2 | Supported | Supported | Supported |
| Visual Basic | Up to Visual Basic 16 | Not Supported | Not Supported | Supported |
Infrastructure as Code: Static Testing
SRM supports the following Infrastructure as Code Static Testing.
| Language | What is supported | Code Upload (UI) | Git Integration | CI via Black Duck Bridge CLI (CLI) |
|---|---|---|---|---|
| IaC | Platforms: AWS CloudFormation, Kubernetes,
Terraform. Formats: HCL (Terraform), JSON, XML, YAML |
Supported | Supported | Supported |
SCA Language and Package Manager Support
SRM supports the following SCA languages and package manager support:
| Package Manager | Language | Test Mode | Supported | Entry Point | Supported Detectors, Requirements | Accuracy |
|---|---|---|---|---|---|---|
| Apache Ivy | Various | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Ivy Build Parse | Ivy Build Parse
|
Low | ||
| BitBake | Various | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Bitbake CLI | ||||
| Cargo | Rust | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Cargo Lock | Cargo Lock
|
High | ||
| Carthage | Various | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Carthage Lock | Carthage Lock
|
High | ||
| CocoaPods | Objective-C | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Pod Lock | Pod Lock
|
High | ||
| Conan | C/C++ | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Conan Lock | Conan Lock
|
High | ||
Conan CLI
|
High | |||||
| Conan CLI | Conan CLI
|
High | ||||
| Conda | Python | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Conda CLI | Conda CLI
|
High | ||
| CPAN | Perl | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Cpan CLI | Cpan CLI
|
High | ||
| CRAN | R | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Packrat Lock | Packrat Lock
|
High | ||
| Dart | Dart | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Dart CLI | Dart CLI
|
High | ||
Dart PubSpec Lock
|
High | |||||
| Dart PubSpec Lock | Dart PubSpec Lock
|
High | ||||
| Go Dep | Golang (Go) | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | GoDep Lock | GoDep Lock
|
High | ||
| Go Gradle | Golang (Go) | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | GoGradle Lock | GoGradle Lock
|
High | ||
| Go Modules | Golang (Go) | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | GoMod CLI | GoMod CLI
|
High | ||
| Go Vendor | Golang (Go) | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Go Vendor | Go Vendor
|
High | ||
| GoVndr CLI | GoVndr CLI
|
High | ||||
| Gradle | Various | Code upload or SCM integration | Supported | Gradle Project Inspector | Gradle Project Inspector
|
Low |
| Black Duck Bridge CLI (CI/CLI) | Supported | Gradle Native Inspector | Gradle Native Inspector
|
High | ||
Gradle Project Inspector
|
Low | |||||
| Hex | Erlang | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Rebar CLI | Rebar CLI
|
High | ||
| Lerna | Node.js | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Lerna CLI | Lerna CLI
|
High | ||
| Maven | Various | Code upload or SCM integration | Supported | Maven Project Inspector | Maven Project Inspector
|
Low |
| Black Duck Bridge CLI (CI/CLI) | Supported | Maven CLI | Maven CLI
|
High | ||
Maven Project Inspector
|
Low | |||||
| Maven Wrapper CLI | Maven Wrapper CLI
|
High | ||||
Maven Project Inspector
|
Low | |||||
| npm | Node.js | Code upload or SCM integration | Supported | NPM Package Lock | NPM Package Lock
|
High |
| NPM Package Json Parse | NPM Package Json Parse
|
Low | ||||
| Black Duck Bridge CLI (CI/CLI) | Supported | NPM Shrinkwrap | NPM Shrinkwrap
|
High | ||
NPM Package Lock
|
High | |||||
NPM CLI
|
High | |||||
NPM Package Json Parse
|
High | |||||
| NPM Package Lock | NPM Package Lock
|
High | ||||
NPM CLI
|
High | |||||
NPM Package Json Parse
|
Low | |||||
| NPM CLI | NPM CLI
|
High | ||||
NPM Package Json Parse
|
Low | |||||
| NPM Package Json Parse | NPM Package Json Parse
|
Low | ||||
| NuGet | C# | All | Supported | NuGet Solution Native Inspector | NuGet Solution Native Inspector
|
High |
NuGet Project Inspector
|
Low | |||||
| NuGet Project Native Inspector | NuGet Project Native Inspector
|
High | ||||
NuGet Project Inspector
|
Low | |||||
| Packagist | PHP | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Composer Lock | Composer Lock
|
High | ||
| PEAR | PHP | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Pear CLI | Pear CLI
|
High | ||
| pip | Python | Code upload or SCM integration | Supported | Pipfile Lock | Pipfile Lock
|
High |
| Black Duck Bridge CLI (CI/CLI) | Supported | Pipenv Lock | Pipfile Lock
|
High | ||
PIP Native Inspector
|
High | |||||
Pipfile Lock
|
High | |||||
| Pip Native Inspector | PIP Native Inspector
|
High | ||||
Pipfile Lock
|
High | |||||
| Pipfile Lock | Pipfile Lock
|
High | ||||
| pnpm | Node.js | All | Supported | Pnpm Lock | Pnpm Lock
|
High |
| Poetry | Python | All | Supported | Poetry Lock | Poetry Lock
|
High |
| RubyGems | Ruby | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Gemfile Lock | Gemfile Lock
|
High | ||
Gemspec Parse
|
Low | |||||
| Gemspec Parse | Gemspec Parse
|
Low | ||||
| SBT | Scala | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Sbt Native Inspector | Sbt Native Inspector
|
High | ||
| Swift | Swift | Code upload or SCM integration | Supported | Swift Lock | Swift Lock
|
High |
| Black Duck Bridge CLI (CI/CLI) | Supported | Swift Lock | Swift Lock
|
High | ||
Swift CLI
|
High | |||||
| Swift CLI | Swift CLI
|
High | ||||
| Xcode | Swift | Code upload or SCM integration | Not Supported | |||
| Black Duck Bridge CLI (CI/CLI) | Supported | Xcode Workspace Lock | Xcode Workspace Lock
|
High | ||
Xcode Project Lock
|
||||||
| Xcode Project Lock | Xcode Project Lock
|
|||||
| Yarn | Node.js | All | Supported | Yarn Lock | Yarn Lock
|
High |
SCA Package Manager Versions
SRM supports the following SCA package manager versions:
Note: Package manager version
requirements are only applicable to tests created with Black Duck Bridge CLI (when testing relies on/requires access to
executables). "N/A" in the table below indicates buildless capture is used to
test projects that depend on the package manager.
| Package Manager | Latest Supported Version |
|---|---|
| Apache Ivy | N/A |
| Bazel | 4.2.0 |
| BitBake | 2.6.0 (Yocto 4.3.2) |
| Cargo | N/A |
| Carthage | N/A |
| CocoaPods | N/A |
| Conan | 2.0.14 |
| Conda | 4.10.3 |
| CPAN | Cpan Script 1.678 CPAN.pm 2.36 Cpanm 1.7047 |
| CRAN | N/A |
| Dart | Dart 3.1.2 Flutter 3.13.4 |
| Go | 1.20.4 |
| Go Dep | N/A |
| Gogradle | N/A |
| Go Modules | 1.20.4 |
| Go Vendor | N/A |
| Gradle | 8.2.1 |
| Hex | Rebar 3.20.0 |
| Lerna | 6.6.2 |
| Maven | 3.8.1 |
| npm | Node 20.5.1 npm 9.8.1 |
| NuGet | nuget 6.2 .NET runtime is not required with 7.13.0 |
| Packagist | N/A |
| PEAR | 1.10.12 |
| pip | 23.1.2 |
| pnpm | N/A |
| Poetry | N/A |
| RubyGems | 2.0.0 |
| SBT | 1.5.0 |
| Swift | 5.6.1 |
| Xcode | N/A |
| Yarn | 4.1.0 |