Automated Framework Discovery

During code scan of your applications, Highlight automatically detects application dependencies to aggregate this data into CAST Highlight’s Software Composition dashboards. Find below the list of the dependency management tools we support so far.

Framework discovery through dependency files

CAST Highlight retrieves and references other framework and library dependencies through the analysis of dependency & requirement configuration files, such as pom.xml (Java/Maven), .json (Javascript), and .vcproj (C#).

Currently supported dependency management tools & files:

  • Ant (build.xml)
  • Bauer (bauer.json)
  • Composer (composer.json) NEW
  • Go (Go.mod, Go.sum) NEW
  • Gradle (build.gradle, dependencies.gradle)
  • Maven (pom.xml)
  • NPM (package.json and package-lock.json)
  • Python (requirements.txt,
  • Ruby (Gemfile.lock)
  • Visual Studio (.vcproj, .csproj)
  • Yarn (yarn.lock)

Coming soon:

  • Package.swift and Package.resolved