Dependency scanner configuration
Configuration
The scanner configuration file, conf/xygeni.scan-deps.xml, contains properties for:
Selecting the files to include / exclude. For example, in Node ecosystems it is customary to exclude the node_modules directory to avoid picking up invalid or stale dependencies.
Configuration for SBOM and report output.
Configuration for each ecosystem analyzer.
Scan configuration properties such as timeouts and mode = sequential or parallel. Parallel mode uses threads to run the scan in parallel across files and detectors.
Command-line arguments take priority over properties in this file.
Dependencies Analyzers
Dependencies for each ecosystem are processed by a specific analyzer. The analyzer processes dependency descriptors to extract direct and indirect (transitive) dependencies, resolve their versions, and gather context information such as licensing, provenance and other metadata.
See Supported Package Managers for dependency resolution for the list of supported package managers.