If project is closed-source: insist on binary provenance attestation, vendor security assessments, and sandbox testing.
Java is a common choice for such tools due to: takipcimx 6k java
If the target platform uses advanced JavaScript rendering or cloud protection (like Cloudflare), raw HTTP requests will fail. You can switch to Java-based browser automation. If project is closed-source: insist on binary provenance