Showing content from https://aquasecurity.github.io/trivy/latest/docs/coverage/language/ below:
Overview - Trivy
Programming Language
Trivy supports programming languages for
Supported languages
The files analyzed vary depending on the target. This is because Trivy primarily categorizes targets into two groups:
If the target is a pre-build project, like a code repository, Trivy will analyze files used for building, such as lock files. On the other hand, when the target is a post-build artifact, like a container image, Trivy will analyze installed package metadata like .gemspec, binary files, and so on.
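| Language | File | Image⁴ | Rootfs⁵ | Filesystem⁶ | Repository⁷ |
|----------|------|--------|---------|-------------|-------------|
| Ruby | Gemfile.lock | - | - | ✅ | ✅ |
| | gemspec | ✅ | ✅ | - | - |
| Python | Pipfile.lock | - | - | ✅ | ✅ |
| | poetry.lock | - | - | ✅ | ✅ |
| | uv.lock | - | - | ✅ | ✅ |
| | requirements.txt | - | - | ✅ | ✅ |
| | egg package¹ | ✅ | ✅ | - | - |
| | wheel package² | ✅ | ✅ | - | - |
| PHP | composer.lock | - | - | ✅ | ✅ |
| | installed.json | ✅ | ✅ | - | - |
| Node.js | package-lock.json | - | - | ✅ | ✅ |
| | yarn.lock | - | - | ✅ | ✅ |
| | pnpm-lock.yaml | - | - | ✅ | ✅ |
| | bun.lock | - | - | ✅ | ✅ |
| | package.json | ✅ | ✅ | - | - |
| .NET | packages.lock.json | ✅ | ✅ | ✅ | ✅ |
| | packages.config | ✅ | ✅ | ✅ | ✅ |
| | .deps.json | ✅ | ✅ | ✅ | ✅ |
| | *Packages.props⁹ | ✅ | ✅ | ✅ | ✅ |
| Java | JAR/WAR/PAR/EAR³ | ✅ | ✅ | - | - |
| | pom.xml | - | - | ✅ | ✅ |
| | *gradle.lockfile | - | - | ✅ | ✅ |
| | *.sbt.lock | - | - | ✅ | ✅ |
| Go | Binaries built by Go | ✅ | ✅ | - | - |
| | go.mod | - | - | ✅ | ✅ |
| Rust | Cargo.lock | ✅ | ✅ | ✅ | ✅ |
| | Binaries built with cargo-auditable | ✅ | ✅ | - | - |
| C/C++ | conan.lock | - | - | ✅ | ✅ |
| Elixir | mix.lock⁸ | - | - | ✅ | ✅ |
| Dart | pubspec.lock | - | - | ✅ | ✅ |
| Swift | Podfile.lock | - | - | ✅ | ✅ |
| | Package.resolved | - | - | ✅ | ✅ |
| Julia | Manifest.toml | ✅ | ✅ | ✅ | ✅ |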
The path of these files does not matter.
Example: Dockerfile