Dependency scanner configuration
Configuration
The scanner configuration file, named conf/xygeni.scan-deps.yml, specifies properties for:
Selecting Files to Include or Exclude. For example, in Node.js projects, it's common practice to exclude the node_modules directory to prevent issues with outdated or
SBOM Configuration and report output.
Configuration for each ecosystem analyzer.
Scan configuration properties such as timeouts and mode (sequential or parallel).
Arguments from the command line have priority over properties in this file.
Dependencies Analyzers
Dependencies for each ecosystem are processed by a specific analyzer. The analyzer processes dependency descriptors to extract direct and indirect dependencies, resolve their versions, and gather context information such as licensing, provenance, and other metadata.
See Supported Package Managers for dependency resolution for the list of supported package managers.