我的书签
添加书签
移除书签Language-specific Packages
Trivy automatically detects the following files in the container and scans vulnerabilities in the application dependencies.
| Language | File | Image7 | Rootfs8 | Filesystem9 | Repository10 | Dev dependencies |
|---|---|---|---|---|---|---|
| Ruby | Gemfile.lock | - | - | ✅ | ✅ | included |
| gemspec | ✅ | ✅ | - | - | included | |
| Python | Pipfile.lock | - | - | ✅ | ✅ | excluded |
| poetry.lock | - | - | ✅ | ✅ | included | |
| requirements.txt | - | - | ✅ | ✅ | included | |
| egg package1 | ✅ | ✅ | - | - | excluded | |
| wheel package2 | ✅ | ✅ | - | - | excluded | |
| PHP | composer.lock | ✅ | ✅ | ✅ | ✅ | excluded |
| Node.js | package-lock.json | - | - | ✅ | ✅ | excluded |
| yarn.lock | - | - | ✅ | ✅ | included | |
| package.json | ✅ | ✅ | - | - | excluded | |
| .NET | packages.lock.json | ✅ | ✅ | ✅ | ✅ | included |
| Java | JAR/WAR/EAR34 | ✅ | ✅ | - | - | included |
| pom.xml5 | - | - | ✅ | ✅ | excluded | |
| Go | Binaries built by Go6 | ✅ | ✅ | - | - | excluded |
| go.sum | - | - | ✅ | ✅ | included |
The path of these files does not matter.
Example: Dockerfile
*.egg-info,*.egg-info/PKG-INFO,*.eggandEGG-INFO/PKG-INFO↩.dist-info/META-DATA↩*.jar,*.war, and*.ear↩It requires Internet access ↩
It requires Internet access when the POM doesn’t exist in your local repository ↩
UPX-compressed binaries don’t work ↩
✅ means “enabled” and
-means “disabled” in the image scanning ↩✅ means “enabled” and
-means “disabled” in the rootfs scanning ↩✅ means “enabled” and
-means “disabled” in the filesystem scanning ↩✅ means “enabled” and
-means “disabled” in the git repository scanning ↩
