pipenv installas Snyk needs this to create the
pipenv graphwhich is then used for the dependency scan to fulfill itself.
setup.pyfile, and detects packages listed in the
requirements.txtby installing the packages into a virtual environment and then running
poetry.lockfiles. Note both these files must be present for Snyk to identify Poetry dependencies and test for issues.
requirements.txtfiles are not supported, as this introduces a security risk. They are removed before resolving the dependencies in the files.
requirements.txtfile, and so you must have this file in your repository before importing.
requirements.txtfiles (for example, if you have renamed a file to
requirements-dev.txt), Snyk tries to import every file that follows the
**/*req*.txtconvention as a Python project.
requirements/requirements.txt) Snyk tries to import every file that follows the
**/requirements/*.txtconvention as a Python project.
requirements.txt, then either convert or import (depending on the package manager/supported files) the manifest file to the
snyk monitorwith the value of the python binary:
.snykfile to a project repository, and specify the desired version.
.snykfile must be in the same directory as the project manifest file.
.snykfile, Snyk detects the major version specified, and uses this to control whether the project is tested with Python 2 or Python 3. It does not use the exact version specified.
PYTHON_PATHto the Additional Options text input in the Snyk integration settings, for example,
--command=.venv/bin/python. Snyk will try to look for a
*req*.txtfile in the root of the project as seen in the IDE.
--all-projectsflag. Snyk will then recursively search through each directory within the project to find all of the manifest files.