Using unpinned dependencies

Checks for dependency management manifests (e.g. package.json, Gemfile, pyproject.toml, Pipfile, go.mod, etc.) without a corresponding cryptographic dependency lock file (e.g. package-lock.json, Gemfile.lock, poetry.lock, Pipfile.lock, go.sum).
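One way to implement this check over a source tree, as an added example that is not the check's own code: the manifest-to-lock-file mapping beyond the pairs named above (yarn.lock, pnpm-lock.yaml, pdm.lock, uv.lock), the skipped directories, and the sample repository layout are assumptions.

```python
"""Report dependency manifests whose directory has no accepted lock file.
Added example; the mapping below extends the page's pairs with other
real lock-file names as an assumption."""
import os
import tempfile

# Manifest file name -> lock files that satisfy it (any one is enough).
LOCK_FILES = {
    "package.json": ("package-lock.json", "npm-shrinkwrap.json",
                     "yarn.lock", "pnpm-lock.yaml"),
    "Gemfile": ("Gemfile.lock",),
    "pyproject.toml": ("poetry.lock", "pdm.lock", "uv.lock"),
    "Pipfile": ("Pipfile.lock",),
    "go.mod": ("go.sum",),
}
# Vendored or generated trees are not the project's own manifests (assumption).
SKIP_DIRS = {".git", "node_modules", "vendor"}


def find_unpinned(root):
    """Return a sorted list of (relative manifest path, accepted lock files)
    for every manifest under `root` with none of its lock files beside it."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        present = set(filenames)
        for manifest, locks in LOCK_FILES.items():
            if manifest in present and not present.intersection(locks):
                rel = os.path.relpath(os.path.join(dirpath, manifest), root)
                findings.append((rel, locks))
    return sorted(findings)


def demo():
    """Build a constructed sample repo in a temp dir and run the check on it."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "package.json": "{}",                        # npm, no lock -> finding
            "api/Gemfile": "source 'https://rubygems.org'\n",
            "api/Gemfile.lock": "",                      # locked -> clean
            "svc/go.mod": "module example.com/svc\n",    # no go.sum -> finding
            "node_modules/dep/package.json": "{}",       # skipped directory
        }
        for rel, content in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(content)
        return [path for path, _ in find_unpinned(root)]


if __name__ == "__main__":
    for path in demo():
        print("unpinned:", path)
```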