New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning

  • v1.0.0
  • Source
  • Go
  • Socket score
Version published
Created
Source

This project's issue tracker has been disabled, if you wish to create an issue or bug please follow these directions.

[TOC]

Dependency Scanning

Analyzer that scans for application dependencies.

Building

To build the binary run:

go build -o ./bin/dependency-scanning ./cmd/dependency-scanning

To build the images run:

./scripts/bake.sh private

Should you see the following error, create a multi-arch builder.

ERROR: Multi-platform build is not supported for the docker driver.

You can create a multi-arch builder by running the following.

docker buildx create --name multi-arch-builder --use --bootstrap --driver=docker-container

Supported files

LanguagePackage ManagerFile(s)Description
C#nugetpackages.lock.jsonLock files generated by nuget.
C/C++conanconan.lockLock files generated by conan.
C/C++/Fortran/Go/Python/Rcondaconda-lock.ymlEnvironment files generated by conda-lock.
Gogogo.modModule files generated by the standard go toolchain.
Javaivyivy-report.xmlDependency graph exports generated by the report Apache Ant task.
Javamavenmaven.graph.jsonDependency graph exports generated by mvn dependency:tree -DoutputType=json.
Java/Kotlingradledependencies.lockLock files generated by gradle-dependency-lock-plugin.
JavaScript/TypeScriptnpmpackage-lock.json, npm-shrinkwrap.jsonLock files generated by npm.
JavaScript/TypeScriptpnpmpnpm-lock.yamlLock files generated by pnpm.
JavaScript/TypeScriptyarnyarn.lockLock files generated by yarn.
Objective-CcocoapodsPodfile.lockLock files generated by cocoapods.
PHPcomposercomposer.lockLock files generated by composer.
Pythonpippipdeptree.jsonDependency graph exports generated by pipdeptree --json.
Pythonpiprequirements.txtDependency lock files generated by pip-compile.
PythonpipenvPipfile.lockLock files generated by pipenv.
Pythonpipenvpipenv.graph.jsonDependency graph exports generated by pipenv graph --json-tree >pipenv.graph.json.
Pythonpoetrypoetry.lockLock files generated by poetry.
RubybundlerGemfile.lock, gems.lockedLock files generated by bundler.
RustcargoCargo.lockLock files generated by cargo.
Scalasbtdependencies-compile.dotDependency graph exports generated by sbt dependencyDot.
SwiftswiftPackage.resolvedLock files generated by swift.

Contributing

See CONTRIBUTING.md

Releases

See RELEASE.md

LICENSE

See LICENSE

FAQs

Package last updated on 21 Nov 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Oracle Drags Its Feet in the JavaScript Trademark Dispute

Security News

Oracle Drags Its Feet in the JavaScript Trademark Dispute

Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.

By Sarah Gooding  -  Feb 07, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc