Source code

Since each programming language has its declaration files for the libraries being used, the SBOM engine only analyzes the files with these specific filenames to avoid false positives or performance downgrades.

Programming language

File to check

Ruby

Gemfile.lock

lib package in tar.gz, gem format

Python

Pipfile.lock

poetry.lock

requirements*.txt

setup.py

pyproject.toml

version.py

lib package in tar.gz, egg, whl, zip format

PHP

composer.lock

composer.json

lib package in zip format

NodeJS

package-lock.json

yarn.lock

pnpm-lock.yaml

lib package in tgz format

Java

pom.xml

pom.properties

gradle.lockfile

*.jar

lib package in *.zip, *-src.zip, *-sources.zip, *.tar.gz, *-src.tar.gz, *-sources.tar.gz format

Go

go.mod

Rust

Cargo.lock

Dart

pubspec.lock

.NET

packages.lock.json

packages.config

.deps.json

.nuspec

dll

library in *.nupkg

Elixir

mix.lock

Swift

Podfile.lock

C/C++ package manager

conan.lock dll exe



On This Page
Source code