When you use our CLI tool and run a test (either by snyk test or snyk monitor) we are able to look at the dependencies installed on disk in order to see exactly what your project relies on.

However, when we run a test against an integration such as GitHub, GitLab or Bitbucket server we only see your dependency file(s) (e.g. package.json, Gemfile.lock etc) and we need to infer the dependencies that would be installed if you were to install them from within an environment.

Did this answer your question?