Skip to content


Trivy supports Dart.

The following scanners are supported.

Package manager SBOM Vulnerability License
Dart -

The following table provides an outline of the features Trivy offers.

Package manager File Transitive dependencies Dev dependencies Dependency graph Position
Dart pubspec.lock Included - -


In order to detect dependencies, Trivy searches for pubspec.lock.

Trivy marks indirect dependencies, but pubspec.lock file doesn't have options to separate root and dev transitive dependencies. So Trivy includes all dependencies in report.