Dependency Scanning compared to Container Scanning
GitLab offers both Dependency Scanning and Container Scanning to ensure coverage for all of these dependency types. To cover as much of your risk area as possible, we encourage you to use all of our security scanning tools:
- Dependency Scanning analyzes your project and tells you which software dependencies, including upstream dependencies, have been included in your project, and what known risks the dependencies contain.
- Container Scanning analyzes your containers and tells you about known risks in the operating system’s (OS) packages.
The following table summarizes which types of dependencies each scanning tool can detect:
| Feature | Dependency Scanning | Container Scanning |
|---|---|---|
| Identify the manifest, lock file, or static file that introduced the dependency | ||
| Development dependencies | ||
| Dependencies in a lock file committed to your repository | 1 | |
| Binaries built by Go | 2 | |
| Dynamically-linked language-specific dependencies installed by the Operating System | ||
| Operating system dependencies | ||
| Language-specific dependencies installed on the operating system (not built by your project) |
- Lock file must be present in the image to be detected.
- Report language-specific findings must be enabled, and binaries must be present in the image to be detected.
Docs
Edit this page to fix an error or add an improvement in a merge request.
Create an issue to suggest an improvement to this page.
Product
Create an issue if there's something you don't like about this feature.
Propose functionality by submitting a feature request.
Feature availability and product trials
View pricing to see all GitLab tiers and features, or to upgrade.
Try GitLab for free with access to all features for 30 days.
Get help
If you didn't find what you were looking for, search the docs.
If you want help with something specific and could use community support, post on the GitLab forum.
For problems setting up or using this feature (depending on your GitLab subscription).
Request support