Dependency Scopes

A dependency has a scope of either runtime (that is, the dependency is required during application runtime) or non-runtime (it is not required during runtime). Depending on the value of the Report Non-Runtime Dependencies option in the scan profile, scan results can include just runtime dependencies or both runtime and non-runtime dependencies. (This option is available only when the scan profile is configured for first-level-dependency or transitive-dependency scans via the Dependency Support field.)

The scope of a reported dependency is shown in the Dependency Scope field listed in the inventory details on the Project Inventory tab and in the Analysis Workbench. The value of this field is either Runtime or Non-Runtime. This general scope designation is based on the ecosystem-specific scope with which the dependency is defined in the code.

Currently, Code Insight reports scopes for dependencies found in only the following manifest files during scans. (Dependencies not found in these files show N/A for Dependency Scope.)

build.gradle and build.gradle.kts files in Gradle Ecosystems
.jar, pom.xml, and .pom files in Maven Ecosystems

The next sections list the ecosystem-specific scopes with which dependencies found in these files can be defined and that the scan translates to the broader Runtime or Non-Runtime scope in the scan results. (The lists show only those scopes currently supported by Code Insight.)

Gradle Dependency Scopes Supported by Code Insight

The following list shows runtime and non-runtime Gradle-specific scopes with which dependencies found in a build.gradle or build.gradle.kts file can be defined. The Gradle scope for a given dependency is converted to the broader Runtime or Non-Runtime scope in the scan results.

Gradle Dependency Scopes for Runtime and Non-Runtime

Runtime Scopes

Non-Runtime Scopes

implementation

api

runtime

runtimeOnly

runtimeElements

runtimeClasspath

providedCompile

providedRuntime

default

sourceSetRuntime

sourceSetRuntimeOnly

sourceSetRuntimeClasspath

apk

compile

kapt

classPath

compileOnlyApi

compileOnly

testImplementation

testCompileOnly

testRunTimeOnly

compileOnlyApi

apiElements

compileClasspath

testCompileClasspath

testRuntimeClasspath

annotationProcessor

testCompile

testRuntime

sourceSetCompile

sourceSetImplementation

sourceSetCompileOnly

sourceSetCompileClasspath

sourceSetAnnotationProcessor

provided

testFixturesImplementation

kaptAndroidTest

kaptTest

testAnnotationProcessor

androidTestImplementation

androidTestApi

androidTestUtil

EnforcedPlatform

debugImplementation

releaseImplementation

androidTestImplementation

androidTestCompile

gradleApi

gradleTestKit

Maven Dependency Scopes Supported by Code Insight

The following list shows runtime and non-runtime Maven-specific scopes with which dependencies found in a .jar, pom.xml, or .pom file can be defined. The Maven scope for a given dependency is converted to the broader Runtime or Non-Runtime scope in the scan results.

.

Maven Dependency Scopes for Runtime and Non-Runtime

Runtime Scopes

Non-Runtime Scopes

compile

provided

runtime

test

system

import

Additional Notes About Maven Dependency Scopes

The following dependency behavior occurs during transitive scan (that is, scans whose scan profile is configured with the All Transitive Dependencies option).

The scan reports dependencies from a dependency management tag with an import scope for a given pom.xml file. However, if these dependencies have dependencies from a dependency management tag in their respective pom.xml files, these next-level dependencies are not reported.
Dependencies defined with the test scope for a given pom.xml file are reported. However, dependencies (also with a test scope) of these dependencies are not reported.