admin/aquasecurity-trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2026-02-07 17:23:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Deployed e8c32deda to dev with MkDocs 1.6.1 and mike 2.1.3

Browse Source
This commit is contained in:
knqyf263
2025-03-17 03:06:21 +00:00
parent ff819ebd0f
commit 2bd6ac6bb6
10 changed files with 208 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
dev/docs/coverage/language/python/index.html
View File

@@ -8153,7 +8153,8 @@ In such case Trivy parses specifiers <code>&gt;=</code>,<code>~=</code> and a tr
Mopidy-Dirble ~= 1.1 # Minimum version 1.1
python-gitlab==2.0.* # Minimum version 2.0.0
</code></pre></div>
Also, there is a way to convert unsupported version specifiers - use the <code>pip freeze</code> command.</p>
Also, there is a way to convert unsupported version specifiers - use either the <code>pip-compile</code> tool (which doesn't install the packages)
or call <code>pip freeze</code> from the virtual environment where the requirements are already installed.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>cat<span class="w"> </span>requirements.txt<span class="w"> </span>
boto3~<span class="o">=</span><span class="m">1</span>.24.60
click&gt;<span class="o">=</span><span class="m">8</span>.0
@@ -8176,7 +8177,8 @@ python-dateutil<span class="o">==</span><span class="m">2</span>.8.2
</code></pre></div>
<p><code>requirements.txt</code> files usually contain only the direct dependencies and not contain the transitive dependencies.
Therefore, Trivy scans only for the direct dependencies with <code>requirements.txt</code>.</p>
<p>To detect transitive dependencies as well, you need to generate <code>requirements.txt</code> with <code>pip freeze</code>.</p>
<p>To detect transitive dependencies as well, you need to generate <code>requirements.txt</code> that contains them.
Like described above, tou can do it with <code>pip freeze</code> or <code>pip-compile</code>.</p>
<div class="highlight"><pre><span></span><code>$<span class="w"> </span>cat<span class="w"> </span>requirements.txt<span class="w"> </span><span class="c1"># it will only find `requests@2.28.2`.</span>
<span class="nv">requests</span><span class="o">==</span><span class="m">2</span>.28.2<span class="w"> </span>
$<span class="w"> </span>pip<span class="w"> </span>install<span class="w"> </span>-r<span class="w"> </span>requirements.txt