Coverage Matrix
Verscout does not pretend every source works the same way. This table shows where it can detect software, apply updates, verify trust, and recover from failures.
| Source | Detect | Update | Security | Verify | Rollback | Notes |
|---|---|---|---|---|---|---|
| Homebrew Formulae | Yes | One-click | OSV package advisories | No bundle trust check | Limited | Best fit for CLI tools managed directly by Homebrew. |
| Homebrew Casks | Yes | One-click | Compatibility and blocklist checks | Codesign and Team ID | Backup before replacement | Strongest one-click path for GUI apps. |
| pip | Yes | One-click | OSV and pip-audit | No source-specific trust check | Failure-preserving path where supported | Supports both system and virtualenv package inventories. |
| npm | Yes | One-click | npm audit data | No source-specific trust check | Limited | Focused on globally installed packages. |
| Mac App Store | Yes | Store-managed | Apple-signed delivery | Codesign metadata | Store-managed | Update path depends on App Store availability and metadata. |
| Standalone Apps | Yes | One-click when a supported feed exists | Blocklist and compatibility checks | Codesign and Team ID | Automatic bundle rollback on failed replace | Works with Sparkle, Electron, GitHub, and cask fallback strategies. |
| Setapp | Yes | Native updater handoff | App trust signals | Codesign metadata | Provider-managed | Subscription state stays with Setapp. |
| Adobe | Yes | Native updater handoff | App trust signals | Codesign metadata | Provider-managed | Inventory and reminders are stronger than automation here. |
| Microsoft | Yes | Native updater handoff | App trust signals | Codesign metadata | Provider-managed | Covers Office, Edge, and related MAU-managed apps. |
| JetBrains | Yes | Native updater handoff | App trust signals | Codesign metadata | Provider-managed | Tracks Toolbox-managed IDE installs. |
| Deep Find | Yes | Selective | Limited | Selective | Selective | Discovers JDKs, CLI tools, plugins, drivers, launch items, and hidden app bundles. |
How to read this
The most automated paths are Homebrew, App Store handoff, and standalone apps with a supported machine-readable feed. Vendor-managed ecosystems stay source-aware and use native updater flows where required.
Deep Find is separate
Deep Find is the discovery layer for software a normal app scan misses, including JDKs, plugins, launch items, frameworks, and hidden app bundles.