Trivy supports Composer, which is a tool for dependency management in PHP.
The following scanners are supported.
The following table provides an outline of the features Trivy offers.
|Package manager||File||Transitive dependencies||Dev dependencies||Dependency graph||Position|
In order to detect dependencies, Trivy searches for
Trivy also supports dependency trees; however, to display an accurate tree, it needs to know whether each package is a direct dependency of the project.
Since this information is not included in
composer.lock, Trivy parses
composer.json, which should be located next to
If you want to see the dependency tree, please ensure that
composer.json is present.