add gradle.lockfile to docs
DmitriyLewen committed Aug 23, 2022
1 parent e743943 commit 6dda1d0
Showing 2 changed files with 25 additions and 24 deletions.
45 changes: 23 additions & 22 deletions docs/docs/vulnerability/detection/language.md
Expand Up @@ -2,28 +2,29 @@

`Trivy` automatically detects the following files in the container and scans vulnerabilities in the application dependencies.

| Language | File | Image[^8] | Rootfs[^9] | Filesystem[^10] | Repository[^11] | Dev dependencies |
| -------- |-------------------------| :-------: | :--------: | :-------------: | :-------------: | ---------------- |
| Ruby | Gemfile.lock | - | - ||| included |
| | gemspec ||| - | - | included |
| Python | Pipfile.lock | - | - ||| excluded |
| | poetry.lock | - | - ||| included |
| | requirements.txt | - | - ||| included |
| | egg package[^1] ||| - | - | excluded |
| | wheel package[^2] ||| - | - | excluded |
| PHP | composer.lock ||||| excluded |
| Node.js | package-lock.json | - | - ||| excluded |
| | yarn.lock | - | - ||| included |
| | pnpm-lock.yaml | - | - ||| excluded |
| | package.json ||| - | - | excluded |
| .NET | packages.lock.json ||||| included |
| | packages.config ||||| excluded |
| | .deps.json ||||| excluded |
| Java | JAR/WAR/PAR/EAR[^3][^4] ||| - | - | included |
| | pom.xml[^5] | - | - ||| excluded |
| Go | Binaries built by Go[^6] ||| - | - | excluded |
| | go.mod[^7] | - | - ||| included |
| Rust | Cargo.lock ||||| included |
| Language | File | Image[^8] | Rootfs[^9] | Filesystem[^10] | Repository[^11] | Dev dependencies |
| -------- |--------------------------------------------------------------------------------------------| :-------: | :--------: | :-------------: | :-------------: | ---------------- |
| Ruby | Gemfile.lock | - | - ||| included |
| | gemspec ||| - | - | included |
| Python | Pipfile.lock | - | - ||| excluded |
| | poetry.lock | - | - ||| included |
| | requirements.txt | - | - ||| included |
| | egg package[^1] ||| - | - | excluded |
| | wheel package[^2] ||| - | - | excluded |
| PHP | composer.lock ||||| excluded |
| Node.js | package-lock.json | - | - ||| excluded |
| | yarn.lock | - | - ||| included |
| | pnpm-lock.yaml | - | - ||| excluded |
| | package.json ||| - | - | excluded |
| .NET | packages.lock.json ||||| included |
| | packages.config ||||| excluded |
| | .deps.json ||||| excluded |
| Java | JAR/WAR/PAR/EAR[^3][^4] ||| - | - | included |
| | pom.xml[^5] | - | - ||| excluded |
| | *gradle.lockfile | - | - ||| excluded |
| Go | Binaries built by Go[^6] ||| - | - | excluded |
| | go.mod[^7] | - | - ||| included |
| Rust | Cargo.lock ||||| included |
| | Binaries built with [cargo-auditable](https://github.com/rust-secure-code/cargo-auditable) | ✅ | ✅ | - | - | excluded

The path of these files does not matter.
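
Review bot: The new `*gradle.lockfile` row uses a bare leading `*` with no footnote, so a reader cannot tell whether it is a glob for any file name ending in `gradle.lockfile` or a stray character, and an unescaped `*` in a Markdown table cell can pair with a later asterisk and render as emphasis. Suggest putting the pattern in backticks (or escaping it as `\*gradle.lockfile`) and adding a footnote, as the neighbouring `pom.xml[^5]` row does, that states which file names match. Separately, re-padding every row to the wider File column turns a one-row addition into a full-table rewrite (23 additions, 22 deletions), which hides the actual change in review; leaving the existing padding alone would keep the diff to a single added line.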
4 changes: 2 additions & 2 deletions pkg/fanal/analyzer/const.go
Expand Up @@ -114,15 +114,15 @@ var (

// TypeLanguages has all language analyzers
TypeLanguages = []Type{
TypeBundler, TypeGemSpec, TypeCargo, TypeComposer, TypeJar, TypePom,
TypeBundler, TypeGemSpec, TypeCargo, TypeComposer, TypeJar, TypePom, TypeGradleLock,
TypeNpmPkgLock, TypeNodePkg, TypeYarn, TypePnpm, TypeNuget, TypeDotNetDeps,
TypePythonPkg, TypePip, TypePipenv, TypePoetry, TypeGoBinary, TypeGoMod, TypeRustBinary,
}

// TypeLockfiles has all lock file analyzers
TypeLockfiles = []Type{
TypeBundler, TypeNpmPkgLock, TypeYarn,
TypePnpm, TypePip, TypePipenv, TypePoetry, TypeGoMod, TypePom,
TypePnpm, TypePip, TypePipenv, TypePoetry, TypeGoMod, TypePom, TypeGradleLock,
}

// TypeIndividualPkgs has all analyzers for individual packages
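
Review bot: `TypeGradleLock` is added to both `TypeLanguages` and `TypeLockfiles` here, which changes the analyzer groups rather than documentation, yet the commit message reads "add gradle.lockfile to docs". Suggest splitting this into its own commit or rewording the message so the group change can be found in history. The definition of `TypeGradleLock` is not among the visible lines, and neither of the 2 changed files is a test; a check that both slices contain the new type would guard against it being dropped in a later edit of these lists. It is also worth confirming that membership in `TypeLockfiles` matches the `-` entries the docs row gives for Image and Rootfs.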
