Automated Dependency Discovery & Supported Package Managers

During code scan of your applications, Highlight automatically detects application dependencies to aggregate this data into CAST Highlight’s Software Composition dashboards. Find below the list of the dependency management tools we support so far.

Dependency discovery through dependency files and package managers

CAST Highlight retrieves and references other framework and library dependencies through the analysis of dependency & requirement configuration files, such as pom.xml (Java/Maven), .json (Javascript), and .vcproj (C#).

Currently supported dependency management tools & files:

  • Ant (build.xml)
  • Composer (composer.json, composer.lock) NEW
  • Go (Go.mod, Go.sum)
  • Gradle (build.gradle, dependencies.gradle, build.gradle.kts)
  • Maven (pom.xml)
  • NPM (package.json and package-lock.json v1, v2, v3)
  • Swift (package.swift, package.resolved) NEW
  • Python (requirements.txt,, poetry.json, poetry.lock)
  • R (require(), library()) NEW
  • Ruby (Gemfile.lock)
  • Visual Studio (.vcproj, .csproj)
  • Yarn (yarn.lock)