trivy/docs/vulnerability/detection/language.md
Rory McCune 23a9a5e319 docs: typo fix (#1308)
Just fixing a typo in the docs "Filesysetm" --> "Filesystem"
2021-10-25 19:39:34 +03:00

Language-specific Packages

Trivy automatically detects the following files in the container and scans the application dependencies they declare for vulnerabilities.

Language File Image[1] Rootfs[2] Filesystem[3] Repository[4] Dev dependencies
Ruby Gemfile.lock - - included
gemspec - - included
Python Pipfile.lock - - excluded
poetry.lock - - included
requirements.txt - - included
egg package[5] - - excluded
wheel package[6] - - excluded
PHP composer.lock excluded
Node.js package-lock.json - - excluded
yarn.lock - - included
package.json - - excluded
.NET packages.lock.json included
Java JAR/WAR/EAR[7][8] included
Go Binaries built by Go[9] - - excluded
go.sum - - included

The path of these files does not matter.

Example: Dockerfile


  1. means "enabled" and - means "disabled" in the image scanning

  2. means "enabled" and - means "disabled" in the rootfs scanning

  3. means "enabled" and - means "disabled" in the filesystem scanning

  4. means "enabled" and - means "disabled" in the git repository scanning

  5. *.egg-info, *.egg-info/PKG-INFO, *.egg and EGG-INFO/PKG-INFO

  6. .dist-info/META-DATA

  7. *.jar, *.war, and *.ear

  8. It requires Internet access

  9. UPX-compressed binaries don't work