Ruby
Trivy supports Bundler and RubyGems. The following scanners are supported for each package manager.
| Package manager | SBOM | Vulnerability | License |
|---|---|---|---|
| Bundler | ✓ | ✓ | - |
| RubyGems | ✓ | ✓ | ✓ |
The following table provides an outline of the features Trivy offers.
| Package manager | File | Transitive dependencies | Dev dependencies | Dependency graph | Position |
|---|---|---|---|---|---|
| Bundler | Gemfile.lock | ✓ | Included | ✓ | ✓ |
| RubyGems | .gemspec | - | Included | - | - |
Bundler
Trivy searches for Gemfile.lock to detect dependencies.
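Gemfile.lock records every resolved gem, its pinned version, and the gems it depends on, which is what makes the transitive-dependency, dependency-graph and position columns above possible. The sketch below is an added example, not Trivy's parser or code from the Trivy project; the lockfile is constructed, and `parse_gemfile_lock` and `introduced_by` are hypothetical helper names.

```ruby
# Added example, not Trivy's code. SAMPLE_LOCK is a constructed lockfile.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (7.0.4)
        rack (~> 2.0)
        rack-test (>= 0.6.3)
      rack (2.2.4)
      rack-test (2.0.2)
        rack (>= 1.3)

  DEPENDENCIES
    actionpack
LOCK

# Returns { name => { version:, line:, deps: [names], direct: bool } }.
def parse_gemfile_lock(text)
  packages = {}
  section = current = nil
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.chomp
    if line.match?(/\A[A-Z][A-Z ]*\z/)            # section header: GEM, DEPENDENCIES, ...
      section = line
      current = nil
    elsif section != "DEPENDENCIES" && (m = line.match(/\A {4}(\S+) \((.+)\)\z/))
      # Resolved gem and pinned version; lineno is its position in the file.
      current = packages[m[1]] = { version: m[2], line: lineno, deps: [], direct: false }
    elsif current && (m = line.match(/\A {6}(\S+)/))
      current[:deps] << m[1]                      # edge in the dependency graph
    elsif section == "DEPENDENCIES" && (m = line.match(/\A {2}([^\s!]+)/))
      packages[m[1]][:direct] = true if packages.key?(m[1])
    end
  end
  packages
end

# Direct dependencies through which `target` (e.g. a flagged gem) enters the bundle.
def introduced_by(packages, target)
  roots = packages.select { |_, pkg| pkg[:direct] }.keys
  roots.select do |root|
    seen, stack = {}, [root]
    until stack.empty?
      name = stack.pop
      next if seen[name]
      seen[name] = true
      stack.concat(packages.dig(name, :deps) || [])
    end
    seen.key?(target)
  end
end
```

When a scan flags a gem that is not in your Gemfile, `introduced_by` shows which declared dependency to upgrade or replace.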
RubyGems
.gemspec files don't contain transitive dependencies. You need to scan each .gemspec file separately.