Language support

Which manifest files can be tested and monitored by Snyk?

In order to detect vulnerable dependencies in your project, Snyk will analyse your project's manifest files. Currently, we support the following:

Go

Gopkg.lock

Supported on CLI

vendor/vendor.json

Supported on CLI

Composer

composer.lock

Supported on CLI

Gradle

build.gradle

Supported on CLI | Github | Gitlab | Bitbucket | Broker

Maven

pom.xml

Supported on CLI | Github | Gitlab | Bitbucket | Broker

SBT

build.sbt

Supported on CLI | Github | Gitlab | Bitbucket | Broker

Pip

requirements.txt

Supported on CLI | Github | Gitlab | Bitbucket | Broker

RubyGems

Gemfile.lock

Supported on CLI | Github | Gitlab | Bitbucket | Broker

NPM

package.json

Supported on CLI | Github | Gitlab | Bitbucket | Broker

package.json & package-lock.json

Supported on CLI | Github | Gitlab | Bitbucket | Broker

Yarn

package.json

Supported on CLI | Github | Gitlab | Bitbucket | Broker

package.json & yarn.lock

Supported on CLI | Github | Gitlab | Bitbucket | Broker


Nuget

project.json

Supported on CLI | Github | Gitlab | Bitbucket | Broker

*.csproj, *.vbproj, *.fsproj

Supported on Github | Gitlab | Bitbucket | Broker

packages.config

Supported on CLI | Github | Gitlab | Bitbucket | Broker

obj/project.assets.json

Supported on CLI

*.sln

Supported on CLI

To get proper test results and create Snyk projects, at least one of the relevant manifest files must be present in the tested folder (CLI), repository (SCM) or app (Serverless).