trivy/docs/vulnerability/detection/language.md
2021-09-13 20:59:11 +03:00

Language-specific Packages

Trivy automatically detects the following files in the container and scans the application dependencies they describe for vulnerabilities.

Language File Image [1] Filesystem [2] Repository [3] Dev dependencies
Ruby Gemfile.lock included
Python Pipfile.lock - excluded
poetry.lock - included
requirements.txt - included
egg package [4] - excluded
wheel package [5] - excluded
PHP composer.lock excluded
Node.js package-lock.json excluded
yarn.lock included
.NET packages.lock.json included
Java JAR/WAR/EAR [6] [7] included
Go Binaries built by Go [8] - excluded
go.sum - included

The path of these files does not matter.
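The name-based matching described above can be approximated with a short inventory script. This is an added example, not Trivy's own code: `classify`, `inventory` and `build_sample` are hypothetical helpers, the rules are taken from the table and footnotes on this page, and the sample tree is constructed.

```python
import os
from pathlib import PurePosixPath

# File names from the table above -> (language, dev dependencies column).
BY_NAME = {
    "Gemfile.lock": ("Ruby", "included"),
    "Pipfile.lock": ("Python", "excluded"),
    "poetry.lock": ("Python", "included"),
    "requirements.txt": ("Python", "included"),
    "composer.lock": ("PHP", "excluded"),
    "package-lock.json": ("Node.js", "excluded"),
    "yarn.lock": ("Node.js", "included"),
    "packages.lock.json": (".NET", "included"),
    "go.sum": ("Go", "included"),
}

def classify(path):
    """Return (language, dev dependencies) for a path, or None if not listed."""
    p = PurePosixPath(path)
    name, parent = p.name, p.parent.name
    if name in BY_NAME:  # only the base name is checked, never the directory
        return BY_NAME[name]
    if p.suffix in (".jar", ".war", ".ear"):  # footnote 6
        return ("Java", "included")
    if name.endswith((".egg", ".egg-info")):  # footnote 4, file forms
        return ("Python", "excluded")
    if name == "PKG-INFO" and (parent.endswith(".egg-info") or parent == "EGG-INFO"):
        return ("Python", "excluded")  # footnote 4, directory forms
    # Footnote 5 writes META-DATA; wheels on disk name the file METADATA.
    if name in ("META-DATA", "METADATA") and parent.endswith(".dist-info"):
        return ("Python", "excluded")
    return None  # Go binaries are not recognisable by name, so they are skipped

def inventory(root):
    """Walk root and list every file the name rules above would match."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            rel = os.path.relpath(os.path.join(dirpath, f), root).replace(os.sep, "/")
            hit = classify(rel)
            if hit:
                found.append((rel, *hit))
    return sorted(found)

def build_sample(root):
    """Create a constructed sample tree with files at arbitrary depths."""
    for rel in ("srv/a/b/Gemfile.lock", "go.sum", "opt/lib/app.war",
                "site/x-1.0.dist-info/METADATA", "docs/README.md"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
```

Running `inventory` on a build context before scanning shows which manifests sit in unexpected directories and would therefore contribute findings.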

Example: Dockerfile


  1. means "enabled" and - means "disabled" in the image scanning

  2. means "enabled" and - means "disabled" in the filesystem scanning

  3. means "enabled" and - means "disabled" in the git repository scanning

  4. *.egg-info, *.egg-info/PKG-INFO, *.egg and EGG-INFO/PKG-INFO

  5. .dist-info/META-DATA

  6. *.jar, *.war, and *.ear

  7. It requires Internet access

  8. UPX-compressed binaries don't work