Prerequisites
The following lists the dependencies required by Qwiet preZero to correctly analyze your app/project. We recommend ensuring that the local workstation on which Qwiet preZero runs mirrors your development environment as closely as possible.
Browser requirements
Qwiet supports the latest versions of Google Chrome and Mozilla Firefox.
Language support and requirements
Qwiet preZero's preZero is capable of analyzing applications written in the following languages and using the listed frameworks:
- C/C++
- C#
- Go
- Java
- JavaScript/TypeScript
- Kotlin
- Python
- Scala
preZero can also analyze your Terraform projects/modules.
⚠️ Qwiet preZero cannot analyze encrypted or obfuscated artifacts (e.g., encrypted/obfuscated JAR or WAR) or encrypted code.
Language-specific requirements
- C/C++
- C#
- Go
- Java
- JS/TS
- Kotlin
- Python
- Scala
- Terraform
- Java 11 (or later) installed on the machine running Qwiet
Optional: In the environment where you're running Qwiet AI, ensure that GCC and g++ are installed for auto-discovery of C/C++ system header files if included/used in your C/C++ code.
Qwiet preZero is supported on Windows, Linux, and macOS with the specified runtimes installed:
| System | Runtime * |
|---|---|
| Windows | .NET Framework 4.7.2 and/or .NET 5.0 |
| Linux/macOS | .NET 5.0 |
Your applications should have the following characteristics:
- Written in C# 11 (or earlier)
- Written for one of the following technologies:
- .NET Framework
- .NET 5.0, 6.0 or 7.0
* See Alternatives for machines without a required runtime if your app doesn't meet the required characteristics.
Machine requirements: We recommend running preZero on a machine with a minimum of 4 GB RAM and 2 CPU Cores. For each subsequent 100,000 lines of code that you submit for analysis, we recommend an additional 2 GB RAM and 1+ CPU Core.
| Lines of code | CPUs | RAM |
|---|---|---|
| <100k | 3 cores | 6 GB |
| >100k | 4 cores | 8 GB |
| > 200k | 5 cores | 10 GB |
| +100k | +1 core | +2 GB |
For example, if your application contains 200,000 lines of code, we recommend that the machine you're using have 8 GB RAM and 4 CPU cores.
Namespaces: preZero is compatible with C# apps that utilize the following namespaces:
SCA: To identify open-source vulnerabilities in C# applications, Qwiet preZero requires one of the following package formats: .csproj, packages.config.
Ensure that you've installed the correct version of Go for your app (Qwiet AI currently supports apps written in Go 1.12 - 1.19).
Qwiet preZero only analyzes source code, not compiled applications, though the VM or the environment you use should support building Go applications correctly. Try building the Go application first using
go build(ormake buildif you're using aMakefile) command before attempting code analysis.
Supported frameworks:
- beego
- chi
- Echo
- Gin
- Go - crypto/tls
- Go - net/http
- Go - html/template
- Go kit
- Gorilla Mux
- HttpRouter
- Invision rye
SCA: To identify open-source vulnerabilities in Go applications, Qwiet preZero requires one of the following package formats: Gopkg.lock, go.mod, go.sum.
Qwiet preZero requires:
- Java SE Runtime Environment 8
- The correct version of Java for their app (supported: Java 7-11, 14-15, 17)
- Maven/Gradle/sbt (or whichever tool you're using to build your app)
- At least 16 GB of memory available in the build environment
preZero's code analysis is performed on the compiled application bytecode (not on the source code). As such, you must build your application before analyzing it with preZero.
Some build tools you might consider include Maven, Gradle, sbt, etc.
Supported frameworks:
| Framework | Supported versions | Notes |
|---|---|---|
| Akka (Java API) | 2.5.x | |
| Akka (Scala API) | 2.5.x | |
| Dropwizard | 1.x, 2.x | |
| Eclipse Vert.x | 3.x | |
| Google Web Toolkit (GWT) | 2.8.x | |
| Jakarta Servlet | 3.x | |
| JAX-RS | 1.x, 2.x | |
| JAX-WS | 2.x | |
| JSF | 2.x | |
| Play (Java API) | 2.4.x, 2.5.x, 2.6.x, 2.7.x | |
| Play (Scala API) | 2.5.x, 2.6.x, 2.7.x | |
| Spark | 2.7.x, 2.8.x, 2.9.x | Refers to the micro web framework, not the Apache Spark project |
| Spring MVC | 3.x, 4.x, 5.x | |
| Spring WebFlux | 5.x | |
| Struts | 2.x | |
| Struts XWork2 | 2.x |
SCA: To identify open-source vulnerabilities in Java/Scala applications, Qwiet preZero requires one of the following package formats: Maven (pom.xml), Gradle (build.gradle, .kts), Scala (SBT)
Qwiet preZero requires:
- Node.js installed and added to your
PATH - npm or yarn (for building your app)
Supported frameworks:
| Framework | Supported versions | Notes |
|---|---|---|
| Angular.JS (legacy) | 1.x | Limited support |
| Angular | 9 and 10 | Full framework support |
| Angular Next | 11 | Limited support |
| Ember.js | 3.x | Limited support |
| Express | 4.x | Full framework support |
| Express Next | 5.0 | Full framework support |
| Knex.js | > 0.20.x | Limited support |
| Next.js | 9 and 10 | Limited support |
| React | Up to 16.5 | Full framework support |
| React Next | > 16.6, 17.0.x | Limited support |
| Node.js LTS | > 12, 14.x | Full framework support |
| Node.js Current | 15.x | Limited support |
| Vue.js | 2.x | Full framework support for v2.x (v3.x is in testing) |
SCA: To identify open-source vulnerabilities in JavaScript (Node.js) applications, Qwiet preZero requires one of the following package formats: package-lock.json, pnpm-lock.yaml, yarn.lock, Rush.js
Qwiet preZero requires:
- Only supports the analysis of Android applications written in Kotlin using SDK versions 24 to 30.
- Requires a build environment with at least 16 GB of memory available.
- Utilizes Java SE Runtime Environment 8; ensure that this installed in your VM or build environment
Qwiet preZero requires:
- Python 3.8 installed and available in your PATH
- The correct Python version for your application (Qwiet preZero supports applications written using Python 3.9 or earlier)
- For Linux users:
- The
python3.8-venvpackage - A glibc-based operating system, such as Ubuntu or Debian; we recommend using Ubuntu 20.04
- The
Supported frameworks:
| Framework | Supported versions | Notes |
|---|---|---|
| AIOHTTP | 3.x | Limited support |
| Bottle | 0.12-0.13 | Limited support |
| CherryPy | 18.x | Limited support |
| Django | 3.x | Full framework support |
| DjangoRESTFramework | 3.x | Limited support |
| Falcon | 3.x | Limited support |
| Flask | 1.x | Full framework support |
| Hug | 2.x | Limited support |
| Pyramid | 2.x | Limited support |
| Sanic | 21.x | Limited support |
| Tornado | 6.x | Limited support |
| Vibora | 0.0.6 | Limited support |
SCA: To identify open-source vulnerabilities in Python applications, Qwiet preZero requires one of the following package formats: the Pipfile, requirements.txt, the requirements directory, poetry.lock or setup.py files
Qwiet preZero requires the correct version of Scala for your app (supported: Scala 2.12 or later).
Qwiet preZero's code analysis is performed on compiled application bytecode (not on source code), and the code analysis process includes a build of your application. As such, you must build your application before analyzing the application with preZero.
Some build tools you might consider include Maven, Gradle, sbt, etc.
SCA: To identify open-source vulnerabilities in Java/Scala applications, Qwiet preZero requires the following package formats: Maven (pom.xml), Gradle (build.gradle, .kts), Scala (SBT)
Qwiet preZero requires that you have Docker Desktop installed and running.
If you're integrating preZero into a CI/CD system, you must use a Linux build agent.
If you're using Azure Pipelines or GitHub Actions, make sure that you use ubuntu-20.04 as the VM image:
runs-on: ubuntu-20.04
If you cannot use ubuntu-20.04 as the VM image, you may be able to use a Docker-based invocation. However, few CI systems, such as GitHub Actions, support this approach. To use a Docker-based invocation, include the --use-docker flag as part of your sl analyze command:
sl analyze --app appName --use-docker --terraform .
Other tools/frameworks/versions
If you are using a framework (or a different version from the ones listed above), it nevertheless may be compatible with Qwiet. Please contact us for additional details.