Language Support
Implera analyses codebases across multiple languages. Coverage varies by domain — this page shows exactly what is supported so you know what to expect.
Coverage by domain
| Feature | JS/TS | Python | Go | Java | Ruby | Rust |
|---|---|---|---|---|---|---|
| Function complexity | Yes | Yes | Yes | Yes | Yes | Yes |
| Duplicate code detection | Yes | Yes | Yes | Yes | Yes | Yes |
| Secret detection | Yes | Yes | Yes | Yes | Yes | Yes |
| Dangerous API patterns | Yes | Yes | No | No | No | No |
| Vulnerability scanning | npm | PyPI | No | No | No | No |
| Import graph | Yes | Yes | No | No | No | No |
| Circular dependency detection | Yes | Yes | No | No | No | No |
| Async pattern detection | Yes | Partial | No | No | No | No |
| Licence compliance | npm | No | No | No | No | No |
| Accessibility scanning | Yes | N/A | N/A | N/A | N/A | N/A |
| AI-assisted reviews | Yes | Yes | Yes | Yes | Yes | Yes |
Full support: JavaScript and TypeScript
JS/TS projects get the deepest analysis. All seven domains are fully covered including framework-specific checks for React, Svelte, Vue and Astro.
- 16 dangerous API patterns with CWE mapping
- 13 secret detection patterns
- 10 WCAG accessibility patterns (templates and CSS)
- npm, pnpm and yarn lockfile parsing
- Vulnerability scanning via OSV
- Import graph with circular dependency detection
- Sequential await and N+1 query detection
- 13 heavy/deprecated package detections
- SPDX licence compliance
Strong support: Python
Python projects get security scanning, vulnerability detection and complexity analysis.
Supported package formats: requirements.txt and requirements-dev.txt.
- 10 Python-specific dangerous API patterns (eval, exec, pickle, subprocess, SQL injection)
- PyPI vulnerability scanning via OSV
- Import graph and circular dependency detection
- Function complexity and duplicate code detection
- pytest test file detection (
test_*.py,*_test.py)
Broad support: Go, Rust, Java, Ruby, C#, PHP, Dart, Kotlin, Scala
These languages are supported for static complexity analysis (function detection, cognitive and cyclomatic complexity, duplicate code, large functions) AND multi-language SAST via Semgrep (~500 rules covering OWASP Top 10, CWE Top 25, secrets, JWT and SQL injection). Dependency vulnerability scanning via Google's OSV-Scanner covers Go modules, Cargo, Maven, Gradle, Gemfile, composer, NuGet, pubspec and mix lockfiles. AI-assisted reviews work across all languages since they read source code directly.
Not yet available for these languages: regex-based dangerous-API detection (mostly covered by Semgrep instead), language-specific import graphs, and accessibility lint rules. We expand coverage based on user demand.
Universal features
These features work regardless of language:
- Secret detection (API keys, tokens, private keys, database URLs)
- README and documentation checks
- Git-based change coupling analysis
- .env.example coverage checking
- CI/CD pipeline detection
- AI-assisted specialist reviews across all seven domains
Template formats for accessibility
Accessibility scanning works on these template formats:
- HTML, Svelte, React (JSX/TSX), Vue, Astro
- Handlebars, EJS, ERB (Rails), PHP
- CSS, SCSS, Less (for focus and outline checks)
What's next
We are expanding language support based on demand. If your primary language is not fully supported, the AI-assisted reviews still provide useful insights by reading your source code directly. Connect your repo and see what Implera finds.
FAQ