AppScan Source language and framework support
This topic lists the languages that can be scanned in AppScan® Source.
- Language Support on Windows
- Language Support on Linux
- Language Support on macOS
- Framework for Frameworks handling APIs: built-in framework support
Language Support on Windows
IBM® Security AppScan Source for Analysis, IBM Security AppScan Source for Automation, and the IBM Security AppScan Source command line interface (CLI) support scanning these languages:
- C/C++
- COBOL
- ColdFusion
- Java™ (including support for Android APIs)
- JavaServer Pages (JSP)
- JavaScript (including support for AngularJS and Node.js)
- Perl
- PHP (Versions 5.5, 5.6, and 7.0)
- PL/SQL
- Python
- T-SQL
- .NET (C#, ASP.NET, VB.NET) - Microsoft .NET Framework Versions 2.0, 3.0, 3.5, 4.0, 4.5, and 4.6
- ASP (JavaScript/VBScript)
- Visual Basic 6
The AppScan Source for Development Visual Studio plug-in supports scanning C/C++ and .NET (C#, ASP.NET, VB.NET).
- MobileFirst Platform project scan support includes: Native client-side Android and iOS source code, in addition to most user-written JavaScript client-side code. MobileFirst Platform web applications can also be scanned.
- MobileFirst Platform project scan support does not include: Server-side JavaScript code such as MobileFirst Platform Adapter code.
Language Support on Linux
IBM Security AppScan Source for Analysis, IBM Security AppScan Source for Automation, and the IBM Security AppScan Source command line interface (CLI) support scanning these languages:
- C/C++
- COBOL
- ColdFusion
- Java (including support for Android APIs)
- JavaServer Pages (JSP)
- JavaScript (including support for AngularJS and Node.js)
- Perl
- PHP (Versions 5.5, 5.6, and 7.0)
- PL/SQL
- Python
- T-SQL
- MobileFirst Platform project scan support includes: Native client-side Android and iOS source code, in addition to most user-written JavaScript client-side code. MobileFirst Platform web applications can also be scanned.
- MobileFirst Platform project scan support does not include: Server-side JavaScript code such as MobileFirst Platform Adapter code.
Language Support on macOS
IBM Security AppScan Source for Analysis, IBM Security AppScan Source for Automation, and the IBM Security AppScan Source command line interface (CLI) support scanning these languages:
- Objective-C in iOS Xcode projects and workspaces
- Java (including support for Android APIs)
- JavaServer Pages (JSP)
- JavaScript (including support for AngularJS and Node.js)
- MobileFirst Platform project scan support includes: Native client-side Android and iOS source code, in addition to most user-written JavaScript client-side code. MobileFirst Platform web applications can also be scanned.
- MobileFirst Platform project scan support does not include: Server-side JavaScript code such as MobileFirst Platform Adapter code.
Framework for Frameworks handling APIs: built-in framework support
AppScan Source includes built-in support for these frameworks:
- AngularJS
- Apache Struts 1 and 2
- Spring MVC 2.5, 3, and 4
- ASP .NET MVC 3, 4, and 5 (Windows only)
- Enterprise JavaBeans (EJB) 2
- ASP .NET (Windows only)
- J2EE
- JavaServer Faces (JSF) 2
- .NET 4.5 (Windows only)
- Node.js
- Jax - RS (V1.0 and V1.1)
- Jax - WS (V2.2)