📄️ How to scan multiple or nested lock files
Semgrep Supply Chain uses lockfiles as part of its reachability analysis to determine the exact version of a dependency that a codebase is using. Semgrep parses lockfiles, such as:
📄️ Generate lockfiles for Semgrep Supply Chain in a Circle CI pipeline
How to generate lockfiles for Semgrep Supply Chain in a Circle CI pipeline.
📄️ Generating Python lockfiles for Semgrep Supply Chain scans
Generate various Python lockfiles to run Semgrep Supply Chain scans successfully.
📄️ Why aren't Supply Chain findings showing?
Troubleshoot why findings for Semgrep Supply Chain are not showing.