AppScan Source language and framework support
This topic lists the languages that can be scanned in AppScan® Source.
- Language Support on Windows
- Language Support on Linux
- Language Support on macOS
- Framework for Frameworks handling APIs: built-in framework support
Language Support on Windows
IBM® Security AppScan Source for Analysis, IBM Security AppScan Source for Automation, and the IBM Security AppScan Source command line interface (CLI) support scanning these languages:
- C/C++
- COBOL
- ColdFusion
- Java™ (including support for Android APIs)
- JavaServer Pages (JSP)
- JavaScript (including support for AngularJS and Node.js)
- Perl
- PHP (Versions 5.5, 5.6, and 7.0)
- PL/SQL
- Python
- T-SQL
- .NET (C#, ASP.NET, VB.NET) - Microsoft .NET Framework Versions 2.0, 3.0, 3.5, 4.0, 4.5, and 4.6
- ASP (JavaScript/VBScript)
- Visual Basic 6
Note: For PHP, Visual Basic 6, and Classic ASP, only ISO-8859-1 (Western Europe), UTF-8, and UTF-16
character sets are supported.
The AppScan Source for Development Visual Studio plug-in supports scanning C/C++ and .NET (C#, ASP.NET, VB.NET).
The AppScan Source for Development Eclipse Plug-in
(which can be applied to IBM MobileFirst
Platform Foundation, Eclipse, or IBM Rational® Application Developer
for WebSphere® Software
(RAD)) supports scanning Java (including support for Android
APIs), JavaServer Pages (JSP), and IBM MobileFirst
Platform projects.
- MobileFirst Platform project scan support includes: Native client-side Android and iOS source code, in addition to most user-written JavaScript client-side code. MobileFirst Platform web applications can also be scanned.
- MobileFirst Platform project scan support does not include: Server-side JavaScript code such as MobileFirst Platform Adapter code.
Language Support on Linux
IBM Security AppScan Source for Analysis, IBM Security AppScan Source for Automation, and the IBM Security AppScan Source command line interface (CLI) support scanning these languages:
- C/C++
- COBOL
- ColdFusion
- Java (including support for Android APIs)
- JavaServer Pages (JSP)
- JavaScript (including support for AngularJS and Node.js)
- Perl
- PHP (Versions 5.5, 5.6, and 7.0)
- PL/SQL
- Python
- T-SQL
Note: For PHP:Only ISO-8859-1 (Western Europe), UTF-8, and UTF-16 character sets are
supported.
The AppScan Source for Development Eclipse Plug-in
(which can be applied to IBM MobileFirst
Platform Foundation, Eclipse, or IBM Rational Application Developer
for WebSphere Software
(RAD)) supports scanning Java (including support for Android
APIs), JavaServer Pages (JSP), and IBM MobileFirst
Platform projects.
- MobileFirst Platform project scan support includes: Native client-side Android and iOS source code, in addition to most user-written JavaScript client-side code. MobileFirst Platform web applications can also be scanned.
- MobileFirst Platform project scan support does not include: Server-side JavaScript code such as MobileFirst Platform Adapter code.
Language Support on macOS
Note: As of version 9.0.3.11, AppScan Source
no longer supports macOS or iOS Xcode project scanning. See Capabilities and features no longer supported in AppScan Source version 9.0.3.11.
IBM Security AppScan Source for Analysis, IBM Security AppScan Source for Automation, and the IBM Security AppScan Source command line interface (CLI) support scanning these languages:
- Objective-C in iOS Xcode projects and workspaces
- Java (including support for Android APIs)
- JavaServer Pages (JSP)
- JavaScript (including support for AngularJS and Node.js)
The AppScan Source for Development Eclipse Plug-in
(which can be applied to IBM MobileFirst
Platform Foundation, Eclipse, or IBM Rational Application Developer
for WebSphere Software
(RAD)) supports scanning Java (including support for Android
APIs), JavaServer Pages (JSP), Objective-C in iOS Xcode projects, and IBM MobileFirst
Platform projects.
- MobileFirst Platform project scan support includes: Native client-side Android and iOS source code, in addition to most user-written JavaScript client-side code. MobileFirst Platform web applications can also be scanned.
- MobileFirst Platform project scan support does not include: Server-side JavaScript code such as MobileFirst Platform Adapter code.
Note: If you are using CocoaPods to create your Xcode projects, you must install its
xcproj tool in order for AppScan Source
to be able to read the generated Xcode project format. See https://github.com/CocoaPods/CocoaPods/wiki/Generate-ASCII-format-xcodeproj for information about installing this tool.
Framework for Frameworks handling APIs: built-in framework support
AppScan Source includes built-in support for these frameworks:
- AngularJS
- Apache Struts 1 and 2
- Spring MVC 2.5, 3, and 4
- ASP .NET MVC 3, 4, and 5 (Windows only)
- Enterprise JavaBeans (EJB) 2
- ASP .NET (Windows only)
- J2EE
- JavaServer Faces (JSF) 2
- .NET 4.5 (Windows only)
- Node.js
- Jax - RS (V1.0 and V1.1)
- Jax - WS (V2.2)