# Supported Languages

## Application Languages

| Language   | Assessment Coverage | Autofix Support | Notes                                                                                                        |
| ---------- | ------------------- | --------------- | ------------------------------------------------------------------------------------------------------------ |
| C          | Yes                 | Manual          | Buffer and memory-safety findings with contextual call-tree analysis.                                        |
| C++        | Yes                 | Manual          | Includes modern C++ (17/20) projects with templated sinks.                                                   |
| C#         | Yes                 | Manual          | Supports ASP.NET MVC and API patterns, reports back through GitHub/Bitbucket.                                |
| Go         | Yes                 | Available       | SQLi, SSRF, auth bypass, and command injection; Autofix drafted for qualifying issues.                       |
| Java       | Yes                 | Available       | Supports Spring/Spring Boot, Jakarta EE, and servlet stacks with dataflow reasoning.                         |
| JavaScript | Yes                 | Available       | Covers Node.js backends, Express, Next.js, and browser contexts; fixes drafted for high-confidence findings. |
| TypeScript | Yes                 | Manual          | Shares the JavaScript analysis engine; fixes are reviewed manually before publication.                       |
| Kotlin     | Yes                 | Manual          | JVM and Android server-side use cases mapped via mixed Java/Kotlin projects.                                 |
| PHP        | Yes                 | Manual          | Targets Laravel, Symfony, and raw PHP entry points with sink-driven reasoning.                               |
| Python     | Yes                 | Available       | Django, Flask, FastAPI, and data pipelines with reachability checks; Autofix available.                      |
| Ruby       | Yes                 | Manual          | Focus on Rails and Sinatra patterns, including mass-assignment and CSRF.                                     |
| Rust       | Yes                 | Manual          | Memory-safety, unsafe-block, and web-framework (Axum, Actix) sink analysis.                                  |
| Scala      | Yes                 | Manual          | Supports Play and Akka HTTP services.                                                                        |
| Solidity   | Yes                 | Manual          | Smart-contract checks (reentrancy, access control, unchecked calls).                                         |
| Apex       | Yes                 | Manual          | Salesforce Apex SOQL injection, CRUD/FLS, and sharing-violation analysis.                                    |
| Swift      | Yes                 | Manual          | iOS and server-side Swift entry points with sink-driven reasoning.                                           |

## Infrastructure & Build Definitions

| Format                         | Assessment Coverage | Notes                                                                                      |
| ------------------------------ | ------------------- | ------------------------------------------------------------------------------------------ |
| Terraform (HCL)                | Yes                 | AWS S3, IAM, VPC, EKS, and encryption policies with blast-radius analysis.                 |
| AWS CloudFormation (YAML/JSON) | Yes                 | Reviews stack defaults, logging, encryption, and network exposure controls.                |
| Azure Bicep                    | Yes                 | Focus on AKS, public ingress, identity, and storage hardening.                             |
| Kubernetes Manifests           | Yes                 | Detects run-as-root, privilege escalation, network policy drift, and missing telemetry.    |
| Container build files          | Yes                 | Covers `Dockerfile`/`Containerfile` hardening, multistage hygiene, and base image posture. |

Infrastructure findings link back to cloud context collected through the AWS connector so teams immediately understand affected accounts and services.

