Application Dependencies
Ghost automatically detects the following files in containers and scans application dependencies.
- Ruby
- Gemfile.lock
- Python
- Pipfile.lock
- poetry.lock
- PHP
- composer.lock
- Node.js
- package-lock.json (dev dependencies are excluded)
- yarn.lock
- Rust
- Cargo.lock
- .NET
- packages.lock.json
- Java
- JAR/WAR/EAR files (.jar, .war, and *.ear)
- Go
- Binaries built by Go (UPX-compressed binaries don't work)
- go.sum
File path does not matter.
Examples: