Supported Technologies

Build Tools

Macaron is able to detect the build and deployment scripts for the following build tools and package managers while analyzing the CI configurations, such as GitHub Actions workflows.

  • Maven

  • Gradle

  • Pip

  • Poetry

  • npm

  • Yarn

  • Go

  • Docker

Git Services

Currently, we support the following Git services for version control. If you need support for any other Git services, feel free to open a GitHub issue.

CI Services

Currently, we support the following Continuous Integration (CI) services for automatically building and deploying artifacts. If you need support for any other CI services, feel free to open a GitHub issue.

CI Service

Support

GitHub Actions

  • Detecting deployment steps by building a call graph for workflows and reachable shell scripts

  • Support for various GitHub APIs, such as Releases

GitLab

Partial support for detecting deployment steps

Jenkins

Partial support for detecting deployment steps

Travis CI

Partial support for detecting deployment steps

CircleCI

Partial support for detecting deployment steps

Package Registries

Package Registry

Support

Documentation

JFrog Artifactory

Projects built with Gradle and published to a JFrog Artifactory repo following Maven layout

page

Maven Central Artifactory

Projects built with Gradle or Maven and published on the Maven Central Artifactory.

page

npm Registry

Projects built with npm or Yarn and published on the npm registry.

page

Python Package Index (PyPI)

Projects built with Pip or Poetry and published on the PyPI registry.

page

Provenances

Provenance

Support

Documentation

SLSA

page

Witness

  • Witness provenance version 0.1

  • Projects built with Gradle on GitLab CI

  • The provenance should be published on JFrog Artifactory

page

See also