Dependency scanner configuration

Configuration

The scanner configuration file, named conf/xygeni.scan-deps.yml, specifies properties for:

  • Selecting Files to Include or Exclude. For example, in Node.js projects, it's common practice to exclude the node_modules directory to prevent issues with outdated or

  • SBOM Configuration and report output.

  • Configuration for each ecosystem analyzer.

  • Scan configuration properties such as timeouts and the scan mode (sequential or parallel).

Arguments from the command line have priority over properties in this file.
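As an added illustration (not Xygeni's own code; the YAML keys, helper names and sample file tree are assumptions), the two rules above in Python: descriptor selection where an exclusion such as node_modules beats an inclusion, and command-line values taking priority over properties read from the file.

```python
"""Hypothetical model of include/exclude selection and CLI-over-file precedence.
Not the scanner's implementation; keys and patterns below are assumed."""
from fnmatch import fnmatchcase

# Constructed stand-in for the parsed conf/xygeni.scan-deps.yml (assumed keys).
FILE_CONFIG = {
    "include": ["**/package.json", "**/pom.xml", "**/requirements.txt"],
    "exclude": ["**/node_modules/**", "**/target/**"],
    "timeout": 600,
    "mode": "sequential",
}

# Constructed sample repository listing (relative POSIX paths).
SAMPLE_TREE = [
    "package.json",
    "node_modules/left-pad/package.json",
    "services/api/package.json",
    "services/api/node_modules/express/package.json",
    "backend/pom.xml",
    "backend/target/classes/pom.xml",
    "README.md",
]


def merge_config(file_config, cli_args):
    """Command-line arguments win; unset CLI values (None) fall back to the file."""
    merged = dict(file_config)
    for key, value in cli_args.items():
        if value is not None:
            merged[key] = value
    return merged


def _matches(path, pattern):
    # A leading "**/" is optional so patterns also match at the repository root.
    if fnmatchcase(path, pattern):
        return True
    return pattern.startswith("**/") and fnmatchcase(path, pattern[3:])


def select_descriptors(paths, config):
    """Keep paths matching an include pattern unless an exclude pattern matches."""
    selected = []
    for path in paths:
        included = any(_matches(path, p) for p in config.get("include", []))
        excluded = any(_matches(path, p) for p in config.get("exclude", []))
        if included and not excluded:
            selected.append(path)
    return sorted(selected)


if __name__ == "__main__":
    cfg = merge_config(FILE_CONFIG, {"mode": "parallel", "timeout": None})
    print(cfg["mode"], cfg["timeout"], select_descriptors(SAMPLE_TREE, cfg))
```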

Dependencies Analyzers

Dependencies for each ecosystem are processed by a specific analyzer. The analyzer parses the ecosystem's dependency descriptors to extract direct and indirect (transitive) dependencies, resolve their versions, and gather context information such as licensing, provenance and other metadata.

See Supported Package Managers for dependency resolution for the list of supported package managers.
