Language support

    Which manifest files can be tested and monitored by Snyk?

    In order to detect vulnerable dependencies in your project, Snyk will analyse your project's manifest files. Currently, we support the following:

    Go

    Gopkg.lock

    Supported on CLI

    vendor/vendor.json

    Supported on CLI

    Composer

    composer.lock

    Supported on CLI

    Gradle

    build.gradle

    Supported on CLI | Github | Gitlab | Bitbucket | Broker

    Maven

    pom.xml

    Supported on CLI | Github | Gitlab | Bitbucket | Broker

    SBT

    build.sbt

    Supported on CLI | Github | Gitlab | Bitbucket | Broker

    Pip

    requirements.txt

    Supported on CLI | Github | Gitlab | Bitbucket | Broker

    RubyGems

    Gemfile.lock

    Supported on CLI | Github | Gitlab | Bitbucket | Broker

    NPM

    package.json

    Supported on CLI | Github | Gitlab | Bitbucket | Broker

    package.json & package-lock.json

    Supported on CLI | Github | Gitlab | Bitbucket | Broker

    Yarn

    package.json

    Supported on CLI | Github | Gitlab | Bitbucket | Broker

    package.json & yarn.lock

    Supported on CLI | Github | Gitlab | Bitbucket | Broker


    Nuget

    project.json

    Supported on CLI | Github | Gitlab | Bitbucket | Broker

    *.csproj, *.vbproj, *.fsproj

    Supported on Github | Gitlab | Bitbucket | Broker

    packages.config

    Supported on CLI | Github | Gitlab | Bitbucket | Broker

    obj/project.assets.json

    Supported on CLI

    *.sln

    Supported on CLI

    To get proper test results and create Snyk projects, at least one of the relevant manifest files must be present in the tested folder (CLI), repository (SCM) or app (Serverless).






    Snyk Help Center