Using unpinned dependencies
Checks for dependency management manifests (e.g. package.json, Gemfile, pyproject.toml, Pipfile, go.mod) without a corresponding cryptographic dependency lock file (e.g. package-lock.json, Gemfile.lock, poetry.lock, Pipfile.lock, go.sum).
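A sketch of how such a check can work, added here as an illustration and not the scanner's own implementation: it walks a repository and reports each manifest that has no lock file in the same directory. The names `LOCKS`, `SKIP_DIRS`, `needs_lock`, `find_unpinned` and `scan_sample` are hypothetical, and three behaviours are assumptions beyond the description above: `yarn.lock` and `pnpm-lock.yaml` also count as locks for package.json, installed dependency trees are skipped, and a go.mod with no `require` directive is not flagged.

```python
import os
import tempfile
from pathlib import Path

# Manifest -> lock files accepted as its pin. First name in each tuple is the
# pairing listed above; yarn.lock and pnpm-lock.yaml are added assumptions.
LOCKS = {
    "package.json": ("package-lock.json", "yarn.lock", "pnpm-lock.yaml"),
    "Gemfile": ("Gemfile.lock",),
    "pyproject.toml": ("poetry.lock",),
    "Pipfile": ("Pipfile.lock",),
    "go.mod": ("go.sum",),
}
SKIP_DIRS = {"node_modules", "vendor", ".git"}  # assumption: not audited

def needs_lock(manifest):
    """A go.mod with no require directive has nothing to record in go.sum."""
    if manifest.name != "go.mod":
        return True
    lines = manifest.read_text(encoding="utf-8", errors="replace").splitlines()
    return any(line.strip().startswith("require") for line in lines)

def find_unpinned(root):
    """Return sorted relative paths of manifests with no lock file beside them."""
    root, findings = Path(root), []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune walk
        for manifest, locks in LOCKS.items():
            if manifest not in filenames or set(filenames) & set(locks):
                continue
            path = Path(dirpath, manifest)
            if needs_lock(path):
                findings.append(path.relative_to(root).as_posix())
    return sorted(findings)

# Constructed sample repository layout (not from the page).
SAMPLE = {
    "web/package.json": "{}", "web/yarn.lock": "",
    "web/node_modules/dep/package.json": "{}",
    "api/Gemfile": "gem 'rake'\n", "tool/go.mod": "module example.test/tool\n",
    "svc/go.mod": "module example.test/svc\nrequire example.test/lib v1.0.0\n",
}

def scan_sample():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return find_unpinned(tmp)
```

Calling `scan_sample()` on the constructed layout reports `api/Gemfile` and `svc/go.mod`; `find_unpinned(".")` runs the same check on a real checkout.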