gitlab.com/gitlab-org/security-products/analyzers/dependency-scanning
This project's issue tracker has been disabled. If you wish to open an issue or report a bug, please follow these directions.
[TOC]
Analyzer that scans for application dependencies.
To build the binary run:

```sh
go build -o ./bin/dependency-scanning ./cmd/dependency-scanning
```

To build the images run:

```sh
./scripts/bake.sh private
```

Should you see the following error, create a multi-arch builder:

```
ERROR: Multi-platform build is not supported for the docker driver.
```

You can create a multi-arch builder by running the following:

```sh
docker buildx create --name multi-arch-builder --use --bootstrap --driver=docker-container
```
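The build steps above wrapped into one script, as an added example that is not part of the dependency-scanning project: it builds the binary, creates the multi-arch builder only when `docker buildx ls` shows no builder using the `docker-container` driver, and then runs `bake.sh`. The listing parser assumes the column layout described in its comments (builder rows start at column 0 with the driver in the second column; node rows are indented).

```shell
#!/usr/bin/env sh
# Added example (not the analyzer's own code): automates the README build steps
# and avoids the "Multi-platform build is not supported for the docker driver"
# error by registering a docker-container builder when none exists yet.
set -eu

# Return 0 if the `docker buildx ls` listing read from stdin contains a builder
# whose driver is $1. Assumed layout: header on row 1, builder rows start at
# column 0 as "NAME DRIVER ..." (older versions print "NAME * DRIVER" for the
# current builder), node rows are indented and therefore ignored.
has_builder_with_driver() {
    want="$1"
    awk -v want="$want" '
        NR == 1 { next }                      # skip the header row
        /^[^ \t]/ {                           # builder rows are not indented
            driver = ($2 == "*") ? $3 : $2    # tolerate the "NAME *" form
            if (driver == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Build the binary, make sure a multi-arch capable builder is selected,
# then build the images exactly as the README describes.
build_all() {
    go build -o ./bin/dependency-scanning ./cmd/dependency-scanning
    if ! docker buildx ls | has_builder_with_driver docker-container; then
        docker buildx create --name multi-arch-builder --use --bootstrap \
            --driver=docker-container
    fi
    ./scripts/bake.sh private
}

# Only run the full build when invoked as `./build.sh build`, so the helper
# above can also be sourced and exercised on its own.
case "${1:-}" in
    build) build_all ;;
esac
```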
Language | Package Manager | File(s) | Description
---|---|---|---
C# | nuget | `packages.lock.json` | Lock files generated by nuget.
C/C++ | conan | `conan.lock` | Lock files generated by conan.
C/C++/Fortran/Go/Python/R | conda | `conda-lock.yml` | Environment files generated by conda-lock.
Go | go | `go.mod` | Module files generated by the standard go toolchain.
Java | ivy | `ivy-report.xml` | Dependency graph exports generated by the `report` Apache Ant task.
Java | maven | `maven.graph.json` | Dependency graph exports generated by `mvn dependency:tree -DoutputType=json`.
Java/Kotlin | gradle | `dependencies.lock` | Lock files generated by gradle-dependency-lock-plugin.
JavaScript/TypeScript | npm | `package-lock.json`, `npm-shrinkwrap.json` | Lock files generated by npm.
JavaScript/TypeScript | pnpm | `pnpm-lock.yaml` | Lock files generated by pnpm.
JavaScript/TypeScript | yarn | `yarn.lock` | Lock files generated by yarn.
Objective-C | cocoapods | `Podfile.lock` | Lock files generated by cocoapods.
PHP | composer | `composer.lock` | Lock files generated by composer.
Python | pip | `pipdeptree.json` | Dependency graph exports generated by `pipdeptree --json`.
Python | pip | `requirements.txt` | Dependency lock files generated by pip-compile.
Python | pipenv | `Pipfile.lock` | Lock files generated by pipenv.
Python | pipenv | `pipenv.graph.json` | Dependency graph exports generated by `pipenv graph --json-tree >pipenv.graph.json`.
Python | poetry | `poetry.lock` | Lock files generated by poetry.
Ruby | bundler | `Gemfile.lock`, `gems.locked` | Lock files generated by bundler.
Rust | cargo | `Cargo.lock` | Lock files generated by cargo.
Scala | sbt | `dependencies-compile.dot` | Dependency graph exports generated by `sbt dependencyDot`.
Swift | swift | `Package.resolved` | Lock files generated by swift.
See CONTRIBUTING.md
See RELEASE.md
See LICENSE