Source code
Each programming language has its own declaration files for the libraries a project uses. To avoid false positives and performance degradation, the SBOM engine analyzes only files with the specific filenames listed below.
Programming language | Files to check |
---|---|
Ruby | `Gemfile.lock` |
Python | `Pipfile.lock`, `poetry.lock`, `requirements*.txt` |
PHP | `composer.lock` |
NodeJS | `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml` |
Java | `pom.xml`, `gradle.lockfile`, `*.jar` |
Go | `go.mod` |
Rust | `Cargo.lock` |
Dart | `pubspec.lock` |
.NET | `packages.lock.json`, `packages.config`, `.deps.json` |
Elixir | `mix.lock` |
Swift | `Podfile.lock` |
C/C++ package manager | `conan.lock` |
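
To see which files in a repository fall inside or outside this list, the following added example (not the SBOM engine's own code) classifies a file listing against the table. It assumes the patterns are matched case-sensitively against the file's basename only; `classify`, `plan_scan` and the sample listing are constructed for illustration.

```python
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Patterns copied verbatim from the table above.
MANIFESTS = {
    "Ruby": ["Gemfile.lock"],
    "Python": ["Pipfile.lock", "poetry.lock", "requirements*.txt"],
    "PHP": ["composer.lock"],
    "NodeJS": ["package-lock.json", "yarn.lock", "pnpm-lock.yaml"],
    "Java": ["pom.xml", "gradle.lockfile", "*.jar"],
    "Go": ["go.mod"],
    "Rust": ["Cargo.lock"],
    "Dart": ["pubspec.lock"],
    ".NET": ["packages.lock.json", "packages.config", ".deps.json"],
    "Elixir": ["mix.lock"],
    "Swift": ["Podfile.lock"],
    "C/C++ package manager": ["conan.lock"],
}

def classify(path):
    """Return the ecosystem whose pattern matches the basename, else None."""
    name = PurePosixPath(path).name  # assumption: directory names are ignored
    for ecosystem, patterns in MANIFESTS.items():
        if any(fnmatchcase(name, p) for p in patterns):
            return ecosystem
    return None

def plan_scan(paths):
    """Split a listing into ({ecosystem: [paths]}, [paths not analyzed])."""
    analyzed, skipped = {}, []
    for p in paths:
        eco = classify(p)
        if eco is None:
            skipped.append(p)
        else:
            analyzed.setdefault(eco, []).append(p)
    return analyzed, skipped

# Constructed sample repository listing.
SAMPLE = [
    "api/requirements-dev.txt", "api/setup.py",
    "web/package.json", "web/package-lock.json",
    "svc/go.mod", "svc/go.sum",
    "lib/vendor/commons-io.jar", "docs/Gemfile",
]

if __name__ == "__main__":
    analyzed, skipped = plan_scan(SAMPLE)
    print("analyzed:", analyzed)
    print("not analyzed:", skipped)
```

Files in the "not analyzed" list contribute nothing to the SBOM, so a project that ships only `package.json` or `Gemfile` without the corresponding lock file is a coverage gap worth checking for.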
