mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-22 07:10:41 -08:00

Files

afdesk a6685b1bad feat(dotnet): add support for .Net core .deps.json files (#2487 )

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
Co-authored-by: knqyf263 <knqyf263@gmail.com>

2022-07-11 13:32:38 +03:00

Language-specific Packages

Trivy automatically detects the following files in the container and scans vulnerabilities in the application dependencies.

Language	File	Image¹	Rootfs²	Filesystem³	Repository⁴	Dev dependencies
Ruby	Gemfile.lock	-	-	✅	✅	included
	gemspec	✅	✅	-	-	included
Python	Pipfile.lock	-	-	✅	✅	excluded
	poetry.lock	-	-	✅	✅	included
	requirements.txt	-	-	✅	✅	included
	egg package⁵	✅	✅	-	-	excluded
	wheel package⁶	✅	✅	-	-	excluded
PHP	composer.lock	✅	✅	✅	✅	excluded
Node.js	package-lock.json	-	-	✅	✅	excluded
	yarn.lock	-	-	✅	✅	included
	pnpm-lock.yaml	-	-	✅	✅	excluded
	package.json	✅	✅	-	-	excluded
.NET	packages.lock.json	✅	✅	✅	✅	included
	packages.config	✅	✅	✅	✅	excluded
	.deps.json	✅	✅	✅	✅	excluded
Java	JAR/WAR/PAR/EAR⁷⁸	✅	✅	-	-	included
	pom.xml⁹	-	-	✅	✅	excluded
Go	Binaries built by Go¹⁰	✅	✅	-	-	excluded
	go.mod¹¹	-	-	✅	✅	included
Rust	Cargo.lock	✅	✅	✅	✅	included

The path of these files does not matter.

✅ means "enabled" and - means "disabled" in the image scanning ↩︎
✅ means "enabled" and - means "disabled" in the rootfs scanning ↩︎
✅ means "enabled" and - means "disabled" in the filesystem scanning ↩︎
✅ means "enabled" and - means "disabled" in the git repository scanning ↩︎
*.egg-info, *.egg-info/PKG-INFO, *.egg and EGG-INFO/PKG-INFO ↩︎
.dist-info/META-DATA ↩︎
*.jar, *.war, *.par and *.ear ↩︎
It requires Internet access ↩︎
It requires Internet access when the POM doesn't exist in your local repository ↩︎
UPX-compressed binaries don't work ↩︎
If smaller than go 1.17, go.sum is also required ↩︎