Snyk Code - Supported languages and frameworks

Snyk Code is based on a deep-code, semantic-code Analysis Engine, which uses AI to continuously learn from billions of lines of code, and 100s of millions of code fixes, in the global development community. The Snyk Code AI Engine continuously evolves the human-guided reinforced learning cycle lead by Snyk's security researchers and engineers. See this blog article for more details.
When files are provided for analysis, the engine determines which file to feed into which parser, in a language-independent common intermediate format. This format preserves and exposes characteristics of the scanned source code.
This technology allows Snyk Code to:
  • Support any programming language easily.
  • Support multi-language projects, spanning security scans over the different languages.
  • Unveil interfile issues, such as issue patterns spread over several source files, which are typically especially hard to track.
  • Find issue patterns using the Snyk Code engine, compiling the found issues as a report.
Snyk Code currently supports the following programming languages:
  • C#
  • Go
  • Java
  • JavaScript
  • PHP
  • Python
  • Ruby
  • TypeScript
Beta support exists for Kotlin. Contact us for more details or with your further needs.

Snyk Code can work with a variety of relevant language types:
  • Dynamically typed languages such as JavaScript and Python.
  • Optionally strong typed languages such as TypeScript.
  • Strong typed languages such as Java.
For a full list of Vulnerability Types/Security Rules that are applied to each supported language by Snyk Code, see Security Rules used by Snyk Code.

The following are the supported extensions:
  • ejs, es, es6, htm, html, js, jsx, ts, tsx, vue, java, erb, haml, rb, rhtml, slim, py, go, ASPX, Aspx, CS, Cs, aspx, cs, php, xml.

To support a specific framework, Snyk Code needs to both support the relevant language, and to be trained on projects using the framework. The found patterns are then annotated by our security team and extended by curated content.
Most framework are supported "out of the box" as Snyk Code only need to be able to parse the code to analyze it. In some cases they might require specific rules, or it might require specific program analysis engine update or both. If you notice any gaps in a specific framework support contact our Support team with the details/examples and our team will work on it.

These are some of the explicitly supported frameworks for JavaScript; those are in-additon to the general support for all frameworks.
  • React: Open-source, front end, JavaScript library for building user interfaces or UI components for websites and mobile applications.
  • Vue.js: Open-source model–view–viewmodel front end JavaScript framework for building user interfaces and single-page applications.
  • Express: Back-end web application framework for Node.js, released as free and open-source software. It has been called the de facto standard server framework for Node.js.
  • jQuery: A fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, ...

These are some of the explicitly supported frameworks for Java; those are in-additon to the general support for all frameworks.
  • Apache Camel: Open source framework for message-oriented middleware with a rule-based routing and mediation engine.
  • Apache Struts: Open-source, MVC framework for creating elegant, modern Java web applications.
  • Spring MVC: The Spring Web model-view-controller (MVC) framework.
  • Spring JDBC: The Spring JDBC data access layer, a simple ORM.
  • Jakarta XML Services: Framework to implement XML-based Web Services.

These are some of the explicitly supported frameworks for Python; those are in-additon to the general support for all frameworks.
  • Django: a framework for full-stack web application development and server development.
  • Flask a lightweight WSGI web application framework

These are some of the explicitly supported frameworks for C#; those are in-additon to the general support for all frameworks.
  • .NET framework: .NET is an open source developer platform, created by Microsoft and used to build a variety of application types. While .NET supports different languages, Snyk Code supports .NET using the C# interface.
  • ASP.NET (version 4.x): ASP.NET is a free and open source framework to build web apps and services using .NET. Snyk Code supports version 4.x.
  • .NET Core: Microsoft created .NET Core to make the .NET framework cross-platform and enable a number of scenarios. The .NET framework and .NET Core share many components and code can be exchanged. (Microsoft provides guidance when to choose which)
The framework support is always determined by the file extensions known to the engine. For example, the engine does not scan *.cshtml files, but scans the associated *.cshtml.cs files.

Snyk Code automatically excludes the following files from analysis:
  • On the Web UI - files that are larger than 4MB.
  • On the CLI and IDE - files that are larger than 1MB.
  • Minified JS files with 3 or less lines.
Export as PDF
Copy link
Edit on GitHub
On this page
Language support with Snyk Code AI Engine
Language type and framework support
Supported Extensions
Framework support
JavaScript frameworks
Java frameworks
Python frameworks
C# frameworks
File size limit for Snyk Code analysis