Introduction
For some types of projects, you must build the project before analyzing it with the Snyk CLI.
This is because manifests provide some dependency information; other dependencies are only resolved after the project is built. Similarly, lock files giving dependency information may not be available.
Which projects must be built?
The following types of projects must be built before analysis with the CLI.
Language | Project type | Build required | Notes |
JavaScript | npm | See the notes | Build only required if no package-lock.json file present, run npm install to generate. Please see here for supported lockfile versions |
yarn | See the notes | Build only required if no yarn.lock file present, run yarn install to generate |
|
Java | Maven | Yes | Run mvn install before testing |
Gradle | No | ||
.NET | nuget | See the notes | Build only required if no packages.config file present |
paket | Yes | ||
Python | pip | Yes |
Run Alternatively, pass the CLI |
pipenv | Yes | Run pipenv update before testing |
|
setup.py | Yes | Run pip install -e . before testing |
|
Poetry | Yes | Run poetry lock to generate a poetry.lock file before testing |
|
Golang | dep | Yes | Run dep ensure before testing |
govendor | Yes | Run govendor sync before testing |
|
go modules | No | ||
Swift / Objective-C | Cocoapods | See the notes | Build only required if no Podfile.lock file present, run pod install to generate |
Scala | SBT | No | |
Ruby | bundler | See the notes |
Build only required if no |
PHP | composer | See the notes | Build only required if no composer.lock file present, run composer install to generate |