Is there any info on which third-party open-source libraries will be covered by the new “Deeper SAST” feature? And which programming languages? Are there certain criteria for a library to be covered? How timely is this planned to be updated when new relevant libraries appear or new versions of covered libraries are published?
Hello @Bernd_F,
Welcome to the Sonar community!
DeeperSAST supports Java and C# and we want to extend it to Python and JS/TS in the future.
It’s impossible to list the libraries that are supported. For Java, we took the top 1000 most used libraries, and for C#, the top 100. Soon, we will experiment and measure the impact of supporting the top 2K libraries for Java.
DeeperSAST’s internal database is refreshed every 2 months in sync with SonarQube releases.
Alex
Hi,
Is there a current list of languages supported? This thread is a couple of years old now and I’m looking for a more up-to-date list.
Leon
Hi @Coombsy, I would recommend opening a new thread as, indeed, the previous one is quite old. That being said, you would find information here:
It’s “available for Java, C#, and JavaScript/TypeScript and already supports thousands of the topmost and commonly used open-source libraries, including their transitive dependencies.”
Carine