mirror of
https://github.com/aquasecurity/trivy.git
synced 2026-02-09 10:13:12 +08:00
1.3 KiB
1.3 KiB
Language-specific Packages
Trivy automatically detects the following files in the container and scans vulnerabilities in the application dependencies.
| Language | File | Dev dependencies |
|---|---|---|
| Ruby | Gemfile.lock | included |
| Python | Pipfile.lock | excluded |
| poetry.lock | included | |
| PHP | composer.lock | excluded |
| Node.js | package-lock.json | excluded |
| yarn.lock | included | |
| .NET | packages.lock.json | included |
| Java | JAR/WAR/EAR (*.jar, *.war, and *.ear)1 |
included |
| Go | Binaries built by Go2 | excluded |
| go.sum | included |
The path of these files does not matter.
Example: Dockerfile