Application Dependencies
Trivy automatically detects the following files in the container and scans vulnerabilities in the application dependencies.
- Ruby
- Gemfile.lock
- Python
- Pipfile.lock
- poetry.lock
- PHP
- composer.lock
- Node.js
- package-lock.json
- yarn.lock
- Rust
- Cargo.lock
- .NET
- packages.lock.json
The path of these files does not matter.
Example: https://github.com/aquasecurity/trivy-ci-test/blob/main/Dockerfile