Package manifest coverage

This page lists the package manifest formats supported by Spectra Assure and rl-protect - two complementary tools for identifying risks in open source software (OSS) dependencies and software packages.

rl-protect is a command-line solution designed for a shift-left approach to vulnerability and threat detection. It scans package manifest files and checks declared dependencies for security risks by connecting to the Spectra Assure Community database of analyzed software packages from popular communities, quickly identifying known issues without requiring full package analysis.

On the other hand, Spectra Assure focuses on software assurance and supply chain security by analyzing both OSS components and complete software packages as they are distributed. It operates without requiring source code and is most effective when used continuously to track changes in risk across releases and detect emerging threats.

As Spectra Assure analyzes release artifacts, it does not support lock files, since they are typically not included in published packages.

Use the reference tables below to select a community and check which package manifests are supported across ReversingLabs products:

rl-protect support

The version listed in the table indicates the minimum version of rl-protect required to analyze the corresponding manifest files.

Since rl-protect does not update automatically, be sure to download new versions as they are released to ensure support for all required manifest files.

Node.js

| Manifest File | Spectra Assure | rl-protect (v1.0.0) |
|---|---|---|
| package.json | ✔️ | ✔️ |
| package-lock.json | ❌ | ❌ |
| pnpm-lock.yaml | ❌ | ❌ |
| yarn.lock | ❌ | ❌ |

Python

| Manifest File | Spectra Assure | rl-protect (v1.0.0) |
|---|---|---|
| requirements.txt | ❌ | ✔️ |
| pyproject.toml | ✔️ | ✔️ |
| setup.cfg | ❌ | ✔️ |
| Pipfile | ❌ | ❌ |
| Pipfile.lock | ❌ | ❌ |
| poetry.lock | ❌ | ❌ |
| pdm.lock | ❌ | ❌ |

Ruby

| Manifest File | Spectra Assure | rl-protect (v1.0.0) |
|---|---|---|
| gemfile | ✔️ | ✔️ |
| gemspec | ❌ | ✔️ |
| gemfile.lock | ✔️ | ❌ |