Aikido performs a nightly scan of your dependencies for known CVEs and risky open-source licenses using a set of open-source tools such as Trivy and Syft.
Below is a table of supported languages and their respective lockfiles. We recommend using lockfiles by default: they speed up builds, make builds reproducible, and are a first layer of defense against supply-chain attacks, because every dependency is pinned to an exact resolved version. Lockfiles also give Aikido the exact versions it needs to find vulnerable packages.
| Language | Lockfiles scanned |
| --- | --- |
| JavaScript | package-lock.json, npm-shrinkwrap.json, yarn.lock, pnpm-lock.yaml |
| PHP | composer.lock |
| Java | gradle.lockfile, pom.xml, .jar, .war, .ear |
| Swift | Package.resolved, Podfile.lock |
| Go | go.mod |
| Python | Pipfile.lock, poetry.lock, requirements.txt |
| .NET | .csproj, .deps.json, packages.lock.json, packages.config |
| Ruby | Gemfile.lock |
| Rust | Cargo.lock |
| Dart | pubspec.lock |
| Elixir | mix.lock |
| C/C++ | conan.lock |
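The following is an added example, not Aikido's own code, that shows two things the text above relies on: which manifests in a repository are missing a lockfile from the table, and what a lockfile actually gives a CVE scanner (exact name/version pairs plus an integrity hash per package). The manifest-to-lockfile pairing and the sample `package-lock.json` (lockfileVersion 3 layout with a `packages` map) are assumptions constructed for this example; pairing `pyproject.toml` with `poetry.lock` only holds for Poetry projects.

```python
"""Added example (not Aikido's code): lockfile coverage check and a
package-lock.json inventory of the kind a dependency scanner reads."""
import json
from pathlib import Path

# Manifest -> acceptable lockfiles, derived from the table above.
# Assumption: pyproject.toml is paired with poetry.lock (Poetry projects only).
LOCKFILE_FOR_MANIFEST = {
    "package.json": ("package-lock.json", "npm-shrinkwrap.json",
                     "yarn.lock", "pnpm-lock.yaml"),
    "composer.json": ("composer.lock",),
    "Pipfile": ("Pipfile.lock",),
    "pyproject.toml": ("poetry.lock",),
    "Gemfile": ("Gemfile.lock",),
    "Cargo.toml": ("Cargo.lock",),
    "pubspec.yaml": ("pubspec.lock",),
    "mix.exs": ("mix.lock",),
    "Podfile": ("Podfile.lock",),
    "Package.swift": ("Package.resolved",),
}

# Directories whose manifests belong to installed dependencies, not the project.
SKIP_DIRS = {"node_modules", "vendor", ".git"}


def missing_lockfiles(paths):
    """Given repository-relative file paths, return the manifests that have
    no matching lockfile in the same directory."""
    by_dir = {}
    for p in map(Path, paths):
        if any(part in SKIP_DIRS for part in p.parts):
            continue
        by_dir.setdefault(p.parent, set()).add(p.name)
    missing = []
    for directory, names in by_dir.items():
        for manifest, locks in LOCKFILE_FOR_MANIFEST.items():
            if manifest in names and not names.intersection(locks):
                missing.append(str(directory / manifest))
    return sorted(missing)


def packages_from_npm_lock(lock_text):
    """Extract (name, version) pairs from a lockfileVersion 2/3
    package-lock.json, plus findings about entries that weaken
    reproducibility (no integrity hash, or not fetched over https)."""
    data = json.loads(lock_text)
    packages, findings = [], []
    for path, entry in data.get("packages", {}).items():
        if path == "":  # the root project itself, not a dependency
            continue
        # "node_modules/@scope/pkg" and nested "node_modules/a/node_modules/b"
        # both reduce to the package name after the last "node_modules/".
        name = path.rsplit("node_modules/", 1)[-1]
        version = entry.get("version")
        packages.append((name, version))
        if not entry.get("integrity"):
            findings.append(f"{name}@{version}: no integrity hash")
        resolved = entry.get("resolved", "")
        if resolved and not resolved.startswith("https://"):
            scheme = resolved.split(":", 1)[0]
            findings.append(f"{name}@{version}: resolved over {scheme}")
    return packages, findings


# Constructed sample repository tree (not a real project).
SAMPLE_TREE = [
    "package.json", "pnpm-lock.yaml",
    "services/api/Gemfile",
    "services/worker/Cargo.toml", "services/worker/Cargo.lock",
    "node_modules/some-dep/package.json",
]

# Constructed sample lockfile; the integrity value is a placeholder.
SAMPLE_NPM_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app",
             "dependencies": {"lodash": "^4.17.0", "left-pad": "*"}},
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
            "integrity": "sha512-PLACEHOLDER-CONSTRUCTED"},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "http://registry.example.test/left-pad-1.3.0.tgz"},
    },
})

if __name__ == "__main__":
    print("manifests without lockfile:", missing_lockfiles(SAMPLE_TREE))
    pkgs, notes = packages_from_npm_lock(SAMPLE_NPM_LOCK)
    print("pinned packages:", pkgs)
    for note in notes:
        print("finding:", note)
```

`missing_lockfiles` ignores manifests under `node_modules`, `vendor` and `.git`, since those belong to installed dependencies rather than the project. In the constructed lockfile, `left-pad` has no integrity hash and is fetched over plain http, which is exactly the kind of entry that loses the supply-chain protection a lockfile is meant to provide.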