Automated Discovery
The following enhancements have been added to the Automated Discovery feature.
Maven offline dependency analysis for scanner and agent
This enhancement enables the scanner and agent to analyze Maven dependencies in offline mode by using the locally installed mvn tool, without requiring internet access. You can configure the Maven executable path for both components to match your environment. This supports secure and air‑gapped deployments while keeping existing online dependency analysis available for users who still need it.
Enhanced Rust dependency visibility for Code Insight
You can now view complete direct and transitive Rust dependencies for Cargo projects in Code Insight, including accurate version resolution and provenance. The enhancement captures Cargo.toml requirement strings, resolved versions, and source details for git and path dependencies. This improves SBOM quality and enables more reliable security and license risk analysis for Rust-based components.
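As an added illustration (not Code Insight's own code), the Python sketch below shows how direct and transitive dependencies, their resolved versions, and their provenance can be read from a Cargo.lock file. The lock content and crate names are constructed; it assumes one version per crate name and a known root package name, and it does not cover Cargo.toml requirement strings.

```python
import re
# Constructed Cargo.lock for a hypothetical crate "app" (not from a real project).
LOCK = """\
[[package]]
name = "app"
version = "0.1.0"
dependencies = [
 "localutil",
 "parser",
]
[[package]]
name = "localutil"
version = "0.2.0"
[[package]]
name = "parser"
version = "1.4.0"
source = "git+https://example.com/acme/parser?rev=abc123#abc123def"
dependencies = [
 "serde",
]
[[package]]
name = "serde"
version = "1.0.200"
source = "registry+https://github.com/rust-lang/crates.io-index"
"""

def parse_lock(text):
    """Return {name: {version, kind, source, deps}} from Cargo.lock text."""
    pkgs = {}
    for block in text.split("[[package]]")[1:]:
        f = dict(re.findall(r'^(\w+) = "(.*)"$', block, re.M))
        deps = re.search(r"^dependencies = \[(.*?)\]", block, re.M | re.S)
        src = f.get("source", "")
        # Cargo.lock omits `source` for path and workspace-local packages.
        kind = src.split("+", 1)[0] if src else "path"
        pkgs[f["name"]] = {"version": f["version"], "kind": kind, "source": src,
                           "deps": re.findall(r'"([^" ]+)[^"]*"', deps.group(1)) if deps else []}
    return pkgs

def classify(pkgs, root):
    """Map each dependency of `root` to (direct|transitive, kind, version)."""
    direct, seen = set(pkgs[root]["deps"]), {}
    todo = list(direct)
    while todo:
        n = todo.pop()
        if n not in seen:
            seen[n] = ("direct" if n in direct else "transitive", pkgs[n]["kind"], pkgs[n]["version"])
            todo.extend(pkgs[n]["deps"])
    return seen
```

Entries whose kind is `git` or `path` are the ones an SBOM review should look at first, since they bypass the registry and its checksums.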
C/C++ component discovery from Makefiles and CMakeLists.txt
You can now use the scanner to discover C and C++ components by analyzing Makefiles and CMakeLists.txt. It parses build configuration files to identify linked libraries, source modules, and third-party components that are not declared in package manifests.
Hugging Face model detection in Code Insight
You can now detect Hugging Face models and create corresponding custom components directly in Code Insight. When you scan source code, the system reads license details from huggingface.co and creates inventory entries for detected models. This gives you better visibility of Hugging Face usage so that you can construct more complete SBOMs.