All Collections
How it works
Support for dependency scanning by language
Support for dependency scanning by language
Roeland Delrue avatar
Written by Roeland Delrue
Updated over a week ago

Aikido performs a nightly scan of your dependencies for known CVEs and risky open-source licenses using a set of open-source tools such as Trivy and Syft.

Below is a table of supported languages and their respective lockfiles. We recommend using lockfiles by default as they increase speed at build time, make your builds more reproducible and they are a first layer of defense against supply-chain attacks. Of course, lockfiles also help Aikido in finding vulnerable packages.

Language

Lockfiles scanned

JavaScript

package-lock.json

npm-shrinkwrap.json

yarn.lock

pnpm-lock.yaml

PHP

composer.lock

Java

gradle.lockfile

pom.xml

.jar

.war

.ear

Swift

Package.resolved

Podfile.lock

Go

go.mod

Python

Pipfile.lock

poetry.lock

requirements.txt

.NET

.csproj

.deps.json

packages.lock.json

packages.config

Ruby

Gemfile.lock

Rust

Cargo.lock

Dart

pubspec.lock

Elixir

mix.lock

C/C++

conan.lock

Did this answer your question?