# Dependency scanner configuration

### Configuration <a href="#configuration" id="configuration"></a>

The scanner configuration file, named `conf/xygeni.scan-deps.yml`, specifies properties for:

* Selecting Files to Include or Exclude. For example, in Node.js projects, it's common practice to exclude the `node_modules` directory to prevent issues with outdated or
* SBOM Configuration and report output.
* Configuration for each ecosystem analyzer.
* Scan configuration properties, such as timeouts and execution mode (sequential or parallel).

{% hint style="info" %}
Arguments from the command line have priority over properties in this file.
{% endhint %}

### Dependencies Analyzers <a href="#analyzers" id="analyzers"></a>

Dependencies for each ecosystem are processed by a specific analyzer. The analyzer processes dependency descriptors to extract direct and indirect dependencies, resolve their versions, and gather context information such as licensing, provenance, and other metadata.

{% hint style="info" %}
See [Supported Package Managers for dependency resolution](https://docs.xygeni.io/xygeni-products/open-source-security-oss/supported-package-managers-for-dependency-resolution) for the list of supported package managers.
{% endhint %}
