Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Ashely Tenesaca <ashelytc@github.com> Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
| Package manager | Languages | Static transitive dependencies | Automatic dependency submission | Recommended files | Additional files |
|---|---|---|---|---|---|
| Cargo | Rust | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Cargo.lock` | `Cargo.toml` |
| Composer | PHP | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `composer.lock` | `composer.json` |
| NuGet | .NET languages (C#, F#, VB), C++ | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | `.csproj`, `.vbproj`, `.nuspec`, `.vcxproj`, `.fsproj` | `packages.config` |
| {% data variables.product.prodname_actions %} workflows | YAML | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `.yml`, `.yaml` | {% octicon "x" aria-label="None" %} |
| Go modules | Go | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `go.mod` | {% octicon "x" aria-label="None" %} |
| Gradle | Java | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="None" %} | {% octicon "x" aria-label="None" %} |
| Maven | Java, Scala | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | `pom.xml` | {% octicon "x" aria-label="None" %} |
| npm | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `package-lock.json` | `package.json` |
| pip | Python | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | `requirements.txt`, `pipfile.lock` | `pipfile`, `setup.py` |
| pnpm | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `pnpm-lock.yaml` | `package.json` |
| pub | Dart | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `pubspec.lock` | `pubspec.yaml` |
| Poetry | Python | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `poetry.lock` | `pyproject.toml` |
| RubyGems | Ruby | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Gemfile.lock` | `Gemfile`, `*.gemspec` |
| Swift Package Manager | Swift | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Package.resolved` | {% octicon "x" aria-label="None" %} |
| Yarn | JavaScript | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | `yarn.lock` | `package.json` |

> [!NOTE]
> {% ifversion transitive-dependency-labeling-npm %}
> - The **Static transitive dependencies** column indicates whether static analysis will add `direct` and `transitive` labels for dependent packages in that ecosystem. Dependency submission actions (automatic or manually configured) can add transitive information for ecosystems where static analysis cannot. {% endif %}
> - If you list your Python dependencies within a `setup.py` file, we may not be able to parse and list every dependency in your project.
> - {% data variables.product.prodname_actions %} workflows must be located in the `.github/workflows/` directory of a repository to be recognized as manifests. Any actions or workflows referenced using the syntax `jobs[*].steps[*].uses` or `jobs.<job_id>.uses` will be parsed as dependencies. For more information, see AUTOTITLE.
> - {% data reusables.dependabot.dependabot-alert-actions-semver %} For more information, see AUTOTITLE and AUTOTITLE.