Contrast Scan supported languages and technologies
Contrast Scan supports these languages and technologies:
Technology | Latest supported version | Associated file extensions | Artifacts to upload |
|---|---|---|---|
Java binary scan | |||
Java (for example: J2EE, JSP, and Spring MVC) | Oracle Java 17 | java | JAR and WAR files or a ZIP file with JAR or WAR files in the root directory of the ZIP file. |
Source code scan | |||
ABAP | 7.51 | abap ,bsp, asprog, aclass, aint, asfinc, asfugr, appl, component | ZIP files or folders that contain files to scan. Contrast Scan automatically detects the language of the files. |
ActionScript | 3 | as | |
ASP.NET | Current version | asax, ascx, ashx, asmx, aspx, master | |
C# | 9 and later | cs, cshtml | |
C | 18 | c, h, pc | |
C++ | 20 | h, hh, cpp, hpp, cc, pc | |
COBOL | Current version | cob, cbl, cpy, pco | |
Go | 1.13 | go | |
Hana SQL Script | Current version | sql | |
HTML | Current version | htm, html, xhtml | |
Informix | Current version | sql, 4gl | |
Java | Oracle Java 17 and later Contrast Scan can scan Oracle Java LTS 21 code, however any specific Oracle Java 21 controls are not scanned. The Contrast scan engine is not fully Oracle Java 21 LTS compliant. | java | |
JavaScript/TypeScript | ES5 | js, xsjs, ts, tsx | |
JCL | Current version | jcl,prc | |
JSP | Current version | jsp,j spx, xhtml | |
Kotlin | 1.6 | kt, kts, ktm | |
NATURAL | Current version | nls, nlp, nlh, nlm, nss, nsp, nsh | |
Objective-C | 2 | h, m | |
Oracle Forms | Current version | oforms | |
PHP | 7.4 | php,php3,php4,php5,php6, phps,phtml | |
PL-SQL | Current version | sql, sf, sps, spb, sp, fnc, spp, plsql, trg, st, prc, pks, pkb, pck | |
PowerScript | 11.5 | sru, sra, srw, srf, srs, srm, srx | |
Python | 3.9 | python, py | |
RPG4 | 7.4 | rpg, rpg3, rpg4, rpgle, dspf, mbr | |
Scala | 2.13 | scala | |
Swift | 5.3 | swift | |
Transact-SQL | Current version | sql, tsql,sp | |
TypeScript | Current version | js,xsjs,ts,tsx | |
Visual Basic 6 | Current version | bas,frm,cls | |
VB.NET | 14 | vb | |
XML | Current version | xml | |
Limited support with Semgrep open source engine
Only the Scan local engine supports these languages.
Language | Details |
|---|---|
Terraform | Visit semgrep-rules/terraform at develop · semgrep/semgrep-rules |
Rust | Visit rust/lang/security |
Ruby 3.X | Visit semgrep.dev/p/ruby |
Semgrep and associated rules are copyrighted software made available under Version 2.1 of the GNU Lesser General Public License. Complete source code for Semgrep, including complete copyright information, is located here.
Visit the links in the table for complete source code for rules. You can access and update them in the Contrast Scan local engine JAR file using the information in Create custom Scan rule exclusions.
Contrast provides scanning of Terraform and Rust as is. Scan languages with the Semgrep engine provides details about using the Semgrep open source scanner with the Contrast Scan local engine.