Deployed 29615be85 to dev with MkDocs 1.3.0 and mike 1.1.2

2026-02-05 00:03:51 +08:00 · 2024-05-30 08:54:28 +00:00
parent ca9099a3a4
commit 4fed593ad8
5 changed files with 62 additions and 5 deletions
--- a/dev/docs/coverage/language/python/index.html
+++ b/dev/docs/coverage/language/python/index.html
@@ -1978,6 +1978,26 @@ You're not viewing the latest version.
    pip
  </a>
  
+    <nav class="md-nav" aria-label="pip">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#dependency-detection" class="md-nav__link">
+    Dependency detection
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#license-detection" class="md-nav__link">
+    License detection
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
        
          <li class="md-nav__item">
@@ -3922,6 +3942,26 @@ You're not viewing the latest version.
    pip
  </a>
  
+    <nav class="md-nav" aria-label="pip">
+      <ul class="md-nav__list">
+        
+          <li class="md-nav__item">
+  <a href="#dependency-detection" class="md-nav__link">
+    Dependency detection
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#license-detection" class="md-nav__link">
+    License detection
+  </a>
+  
+</li>
+        
+      </ul>
+    </nav>
+  
 </li>
        
          <li class="md-nav__item">
@@ -4005,7 +4045,7 @@ The following scanners are supported for package managers.</p>
 <td>pip</td>
 <td align="center">✓</td>
 <td align="center">✓</td>
-<td align="center">-</td>
+<td align="center">✓</td>
 </tr>
 <tr>
 <td>Pipenv</td>
@@ -4115,6 +4155,7 @@ See <a href="../">here</a> for the detail.</p>
 <h2 id="package-managers">Package managers</h2>
 <p>Trivy parses your files generated by package managers in filesystem/repository scanning.</p>
 <h3 id="pip">pip</h3>
+<h4 id="dependency-detection">Dependency detection</h4>
 <p>Trivy only parses <a href="https://packaging.python.org/en/latest/specifications/version-specifiers/#id4">version specifiers</a> with <code>==</code> comparison operator and without <code>.*</code>.
 To convert unsupported version specifiers - use the <code>pip  freeze</code> command.</p>
 <div class="highlight"><pre><span></span><code>$ cat requirements.txt 
@@ -4157,7 +4198,15 @@ charset-normalizer<span class="o">==</span><span class="m">3</span>.1.0
 <p><code>pip freeze</code> also helps to resolve <a href="https://packaging.python.org/en/latest/tutorials/installing-packages/#installing-extras">extras</a>(optional) dependencies (like <code>package[extras]=0.0.0</code>).</p>
 <p><code>requirements.txt</code> files don't contain information about dependencies used for development.
 Trivy could detect vulnerabilities on the development packages, which not affect your production environment.</p>
-<p>License detection is not supported for <code>pip</code>.</p>
+<h4 id="license-detection">License detection</h4>
+<p><code>requirements.txt</code> files don't contain information about licenses.
+Therefore, Trivy checks <code>METADATA</code> files from <code>lib/site-packages</code> directory. </p>
+<p>Trivy uses 3 ways to detect <code>site-packages</code> directory:</p>
+<ul>
+<li>Checks <code>VIRTUAL_ENV</code> environment variable.</li>
+<li>Detects path to <code>python</code><sup id="fnref:1"><a class="footnote-ref" href="#fn:1">1</a></sup> binary and checks <code>../lib/pythonX.Y/site-packages</code> directory.</li>
+<li>Detects path to <code>python</code><sup id="fnref2:1"><a class="footnote-ref" href="#fn:1">1</a></sup> binary and checks <code>../../lib/site-packages</code> directory.</li>
+</ul>
 <h3 id="pipenv">Pipenv</h3>
 <p>Trivy parses <code>Pipfile.lock</code>.
 <code>Pipfile.lock</code> files don't contain information about dependencies used for development.
@@ -4174,6 +4223,14 @@ See <a href="https://packaging.python.org/en/latest/discussions/wheel-vs-egg/">h
 <p>Trivy looks for <code>*.egg-info</code>, <code>*.egg-info/PKG-INFO</code>, <code>*.egg</code> and <code>EGG-INFO/PKG-INFO</code> to identify Python packages.</p>
 <h3 id="wheel">Wheel</h3>
 <p>Trivy looks for <code>.dist-info/META-DATA</code> to identify Python packages.</p>
+<div class="footnote">
+<hr />
+<ol>
+<li id="fn:1">
+<p>Trivy checks <code>python</code>, <code>python3</code>, <code>python2</code> and <code>python.exe</code> file names.&#160;<a class="footnote-backref" href="#fnref:1" title="Jump back to footnote 1 in the text">&#8617;</a><a class="footnote-backref" href="#fnref2:1" title="Jump back to footnote 1 in the text">&#8617;</a></p>
+</li>
+</ol>
+</div>

              
            </article>