Lifecycle Scanning

Quick start for supported languages and where to scan. For more information, see the Comprehensive Guide to Lifecycle Scanning.

Java
Application Types: jar, war, ear, tar.gz, zip, tgz, bz2
Scan the application files using either the Maven plugin or the CLI.
A scan will pick up all the dependencies packaged into that file unless it’s an uber jar.
Maven scans provide 100% hash matching.

JavaScript
Application Types: js, zip, tar.gz, tgz
If using webpack to build, use copy-modules-webpack-plugin.
Scanning the deployment artifact (zip file usually) can also be useful at the release stage to catch anything not directly brought in through .

NuGet / .Net
Application Types: nupkg, dll, zip, tar.gz
Best option is to use the Visual Studio Plugin. Otherwise scan in the CLI.
NOTE: scanning .nupkg files provides the best results.

Python
Application Types: requirements.txt
Use only requirements using the "==" operator and version without wildcards.
To scan in the CLI:
- Use pip freeze to create the requirements file.
- Add optional environmental markers.
- Run a scan.

Docker
Application Types: tar
Scans the application layer of your containers, and provides precise component intelligence for Java, JavaScript, NuGet, and Python.
To scan a Docker image, first save it as a tar file, and then run a scan in the CLI, Web UI, or as a CI build step.

C / C++
Application Types: CMake files
Scan in the CLI using XC: Use the -xc, --expanded-coverage parameter to run an XC scan.
NOTE: XC results come from unverified public sources, and do not include any Sonatype enriched information.
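The Python guidance above (only "==" pins, no wildcards, optional environment markers) can be checked before a scan is run. The following is an added example, not part of the Sonatype guide; the function name and the sample file are constructed for illustration, and it assumes one requirement per line, as pip freeze emits.

```python
import re

# name[extras]==version, optionally followed by "; <environment marker>"
PINNED = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[A-Za-z0-9._,\s-]+\])?"
    r"\s*==\s*[^\s;=*<>!~,]+\s*(;.*)?$"
)

# Constructed sample requirements file (not from the guide).
SAMPLE = """\
# constructed sample
requests==2.31.0
flask>=2.0
django==4.2.*
pywin32==306 ; sys_platform == "win32"
-e git+https://example.invalid/repo.git#egg=internal
numpy
"""


def unpinned_requirements(text):
    """Return (line_number, line, reason) for entries that are not exact pins."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = re.sub(r"\s+#.*$", "", raw).strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        if line.startswith("-"):
            findings.append((number, line, "pip option, not a pinned component"))
        elif "*" in line.split(";", 1)[0]:  # ignore anything inside the marker
            findings.append((number, line, "wildcard in version"))
        elif not PINNED.match(line):
            findings.append((number, line, 'not pinned with "=="'))
    return findings


if __name__ == "__main__":
    for number, line, reason in unpinned_requirements(SAMPLE):
        print(f"line {number}: {line!r}: {reason}")
```
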

Android
Application Types: jar, war, ear, tar.gz, zip, tgz, bz2
Scanning APK directly is not supported.
- Compilers convert source code into DEX (Dalvik Executable) file
Maven Build
- Use the maven plugin
Gradle Build
- Maven copy dependencies
Scan folder using the CLI

Application Types: .rpm / tgz
Best option is to scan in a CI build before it is packaged into a deb.
To scan in the CLI using XC:
- Use the -xc, --expanded-coverage parameter to run an XC scan.

Ruby
Application Types: gemfile.lock
Firewall and XC only, not available in Lifecycle.
Scan in the CLI using XC: Use the -xc, --expanded-coverage parameter to run an XC scan.

PHP
Application Types: .lock
Scan in the CLI using XC: Use the -xc, --expanded-coverage parameter to run an XC scan.

Node / node.js
Application Types: js, zip, tar.gz, tgz
To scan in the CLI:
- Scan the node_modules folder generated from install.
- Delete the node_modules and run npm install --production to exclude dev dependencies in the package.json.

Swift
Application Types: Package.Swift (for Swift), .podspec (for CocoaPods)
Scan in the CLI using XC: Use the -xc, --expanded-coverage parameter to run an XC scan.

NOTE: This guide will be updated as more language support is added to the Nexus IQ Server. Please check back often for updates.