Dependency scanner configuration
The scanner configuration file, named conf/xygeni.scan-deps.yml, specifies properties for:
Selecting Files to Include or Exclude. For example, in Node.js projects, it's common practice to exclude the node_modules directory to prevent issues with outdated or
SBOM Configuration and report output.
Configuration for each ecosystem analyzer.
Scan configuration properties, such as timeouts and the scan mode (sequential or parallel).
Dependencies for each ecosystem are processed by a specific analyzer. The analyzer processes the dependency descriptors to extract direct and indirect dependencies, resolve their versions, and gather context information such as licensing, provenance and other metadata.
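The two steps described above (pruning directories such as node_modules, then reading a descriptor to separate direct from indirect dependencies), as an added example that is not Xygeni's code or its configuration format. It assumes an npm package-lock.json with a v2/v3 "packages" map; the function names, the exclude list and the sample lockfile are constructed for illustration.

```python
import fnmatch
import json
import os
import tempfile

# Constructed lockfile (npm v3 layout); package names and versions are made up.
SAMPLE_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "dependencies": {"demo-web": "^1.2.0"}},
    "node_modules/demo-web": {"version": "1.2.0", "license": "MIT"},
    "node_modules/demo-log": {"version": "0.4.1", "license": "Apache-2.0"},
    "node_modules/demo-web/node_modules/demo-ms": {"version": "2.0.0"},
}}

def find_descriptors(root, names=("package-lock.json",), exclude=("node_modules",)):
    """Walk root and return descriptor paths, pruning excluded directories."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Editing dirnames in place stops os.walk from descending into them.
        dirnames[:] = [d for d in dirnames if not any(fnmatch.fnmatch(d, p) for p in exclude)]
        found += [os.path.join(dirpath, f) for f in filenames if f in names]
    return found

def analyze_lockfile(path):
    """Split the lockfile's 'packages' map into direct and indirect dependencies."""
    with open(path, encoding="utf-8") as fh:
        packages = json.load(fh).get("packages", {})
    root = packages.get("", {})
    declared = set(root.get("dependencies", {})) | set(root.get("devDependencies", {}))
    direct, indirect = {}, {}
    for key, meta in packages.items():
        if not key:
            continue  # "" is the project itself, not a dependency
        name = key.rsplit("node_modules/", 1)[-1]
        nested = key.count("node_modules/") > 1  # installed under another package
        bucket = direct if name in declared and not nested else indirect
        bucket[f"{name}@{meta.get('version')}"] = meta.get("license", "UNKNOWN")
    return direct, indirect

def demo():
    with tempfile.TemporaryDirectory() as root:
        stale = os.path.join(root, "node_modules", "demo-web")  # stale copy to be skipped
        os.makedirs(stale)
        for folder in (root, stale):
            with open(os.path.join(folder, "package-lock.json"), "w") as fh:
                json.dump(SAMPLE_LOCK, fh)
        found = find_descriptors(root)
        return len(found), analyze_lockfile(found[0])

if __name__ == "__main__":
    print(demo())
```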