Supported Ecosystems
Discover the languages, package managers, and platforms supported by ComplyVigilance.
Technology Stack Compatibility
ComplyVigilance is built to support modern development workflows across a wide range of languages, frameworks, and environments. It performs deep scans across package managers and containers, giving your team complete visibility into open-source usage, licensing, and vulnerabilities.
Supported Languages & Package Managers
ComplyVigilance analyzes dependencies across the most widely-used ecosystems:
| Ecosystem | Supported Package Managers |
|---|---|
| JavaScript / TypeScript | package.json, package-lock.json, yarn.lock |
| Python | requirements.txt, pipfile, pipfile.lock, pyproject.toml, poetry.lock |
| Java | pom.xml, build.gradle |
| Go | go.mod, go.sum |
| Rust | cargo.toml, cargo.lock |
| .NET | .sln, .csproj, project.assets.json |
| Julia | project.toml, Manifest.toml, REQUIRE |
| C / C++ | vcpkg.json, conanfile.py, conanfile.txt |
| Solidity | foundry.toml, package.json, package-lock.json ` |
Each integration includes support for dependency resolution, license detection, and vulnerability mapping.
For the most accurate results, scanning fully built or resolved projects is recommended.
Docker & Container Scanning
ComplyVigilance supports deep scanning of container images to uncover both base-level and application-layer open-source components:
- Base image inspection – Identifies system-level packages in images based on Debian, Alpine, Ubuntu, CentOS, and more
- Application-layer detection – Scans language-specific packages (e.g., Node.js, Python, Java) embedded within the container
- Local image scanning – Works with images available in your local docker environment
- Remote registry support – Compatible with private and public container registries
This functionality enables accurate detection of licenses, metadata, and vulnerabilities, even in production-ready container builds.