mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-22 07:10:41 -08:00
36 lines
2.8 KiB
Markdown
36 lines
2.8 KiB
Markdown
# Language-specific Packages
|
|
|
|
`Trivy` automatically detects the following files in the container and scans vulnerabilities in the application dependencies.
|
|
|
|
| Language | File | Image[^6] | Rootfs[^7] | Filesysetm[^8] | Repository[^9] |Dev dependencies |
|
|
|----------|--------------------------|:---------:|:----------:|:--------------:|:---------------:|-----------------|
|
|
| Ruby | Gemfile.lock | - | - | ✅ | ✅ | included |
|
|
| | gemspec | ✅ | ✅ | - | - | included |
|
|
| Python | Pipfile.lock | - | - | ✅ | ✅ | excluded |
|
|
| | poetry.lock | - | - | ✅ | ✅ | included |
|
|
| | requirements.txt | - | - | ✅ | ✅ | included |
|
|
| | egg package[^1] | ✅ | ✅ | - | - | excluded |
|
|
| | wheel package[^2] | ✅ | ✅ | - | - | excluded |
|
|
| PHP | composer.lock | ✅ | ✅ | ✅ | ✅ | excluded |
|
|
| Node.js | package-lock.json | - | - | ✅ | ✅ | excluded |
|
|
| | yarn.lock | - | - | ✅ | ✅ | included |
|
|
| | package.json | ✅ | ✅ | - | - | excluded |
|
|
| .NET | packages.lock.json | ✅ | ✅ | ✅ | ✅ | included |
|
|
| Java | JAR/WAR/EAR[^3][^4] | ✅ | ✅ | ✅ | ✅ | included |
|
|
| Go | Binaries built by Go[^5] | ✅ | ✅ | - | - | excluded |
|
|
| | go.sum | - | - | ✅ | ✅ | included |
|
|
|
|
The path of these files does not matter.
|
|
|
|
Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Dockerfile)
|
|
|
|
[^1]: `*.egg-info`, `*.egg-info/PKG-INFO`, `*.egg` and `EGG-INFO/PKG-INFO`
|
|
[^2]: `.dist-info/META-DATA`
|
|
[^3]: `*.jar`, `*.war`, and `*.ear`
|
|
[^4]: It requires the Internet access
|
|
[^5]: UPX-compressed binaries don't work
|
|
[^6]: ✅ means "enabled" and `-` means "disabled" in the image scanning
|
|
[^7]: ✅ means "enabled" and `-` means "disabled" in the rootfs scanning
|
|
[^8]: ✅ means "enabled" and `-` means "disabled" in the filesystem scanning
|
|
[^9]: ✅ means "enabled" and `-` means "disabled" in the git repository scanning
|