Open Source Projects that must be built before testing with the Snyk CLI
For some types of Open Source Projects, you must build the Project before testing it with the Snyk CLI.
Manifests provide some dependency information. However, other dependencies are resolved only after the Project is built. In addition, lockfiles giving dependency information may not be available before the Project is built.
The following types of Projects must be built before testing with the CLI.
Language
Project type
Build required?
JavaScript
npm
Build required only if no package-lock.json file is present; run npm install to generate.
See the Snyk for JavaScript documentation for supported lockfile versions
Javascript
Yarn
Build required only if no yarn.lock file is present; run yarn install to generate
Java
Maven
Yes
Run mvn install before testing.
Java
Gradle
No
.NET
NuGet
Build required only if no packages.config file is present.
.NET
Paket
Yes
Python
pip
Yes
Run pip install -r requirements.txt before testing. Install is required so that the full dependency tree (nested dependencies included) can be tested.
Alternatively, pass the CLI --skip-unresolved=true option when testing to test only the dependencies available without building.
Python
pipenv
Yes
Run pipenv update before testing
Python
setup.py
Yes
Run pip install -e . before testing
Python
Poetry
Yes
If no Poetry lockfile exists, run poetry lock to generate a poetry.lock file before testing.
No
If the lockfile exists.
Python
dep
Yes
Run dep ensure before testing.
Golang
Go Modules
No
Swift / Objective-C
Cocoapods
Build required only if no Podfile.lock file is present; run pod install to generate
Swift
Swift Package Manager
No
Scala
sbt
No
Ruby
Bundler
Build required only if no Gemfile.lock file present; run bundle install to generate.
PHP
Composer
Build required only if no composer.lock file is present; run composer install to generate.
Last updated
Was this helpful?