feat(python): add support for poetry dev dependencies (#8152)

Signed-off-by: nikpivkin <nikita.pivkin@smartforce.io>
2025-12-12 15:50:15 -08:00 · 2024-12-24 18:12:39 +06:00
parent 735335f08f
commit 774e04d19d
5 changed files with 248 additions and 22 deletions
--- a/docs/docs/coverage/language/python.md
+++ b/docs/docs/coverage/language/python.md
@@ -26,7 +26,7 @@ The following table provides an outline of the features Trivy offers.
 |-----------------|------------------|:-----------------------:|:----------------:|:------------------------------------:|:--------:|:----------------------------------------:|
 | pip             | requirements.txt |            -            |     Include      |                  -                   |    ✓     |                    ✓                     |
 | Pipenv          | Pipfile.lock     |            ✓            |     Include      |                  -                   |    ✓     |                Not needed                |
-| Poetry          | poetry.lock      |            ✓            |     Exclude      |                  ✓                   |    -     |                Not needed                |
+| Poetry          | poetry.lock      |            ✓            |     [Exclude](#poetry)      |                  ✓                   |    -     |                Not needed                |
 | uv              | uv.lock          |            ✓            |     Exclude      |                  ✓                   |    -     |                Not needed                |


@@ -128,6 +128,9 @@ To build the correct dependency graph, `pyproject.toml` also needs to be present

 License detection is not supported for `Poetry`.

+By default, Trivy doesn't report development dependencies. Use the `--include-dev-deps` flag to include them.
+
+
 ### uv
 Trivy uses `uv.lock` to identify dependencies and find vulnerabilities.