Introduction
Static application security testing (SAST) is a security testing technique for identifying security vulnerabilities in an application's source code. We aim to provide a clear overview of the currently supported languages.
| Languages | Versions supported | Frameworks supported | File extensions |
|---|---|---|---|
| Android | 10 to 14 | N/A | .apk |
| Bash | 4.0 to 5.2 | N/A | .sh |
| C# | C#6.0 to C#11 | .NET | .cs |
| Cloudformation | July 2022 | N/A | .yaml, .yml, .json |
| Configuration files | N/A | N/A | .json |
| Dart | 2.0 to 3.2 | Flutter | .dart |
| Docker | >20 | N/A | Dockerfile |
| DockerCompose | N/A | N/A | .yaml |
| Go | 1.0 to 1.21 | N/A | .go |
| HTML | 5 | N/A | .html |
| Java | 8, 11, 17 and 21 | JDK | .java |
| Javascript | ES-5 and ES-6 (2015 to 2020) | React, Angular, Vue | .js, .jsx |
| Kotlin | 1.3 to 1.9 | N/A | .kt |
| Kubernetes | N/A | N/A | .yaml, .yml |
| Python | 3.0 to 3.12 | Django, Flask, FastAPI | .py |
| PHP | 7.0.0 to 8.3.6 | N/A | .php |
| Swift | 3.0 to 5.9 | N/A | .swift |
| Typescript | 1.0 to 5.3 | Same as JS | .ts, .tsx |
| Terraform | 1.0 to 1.7 | N/A | .tf |