Skip to main content
  • go.mod
  • gemfile.lock
  • package-lock.json
  • requirements.txt
By default, Semgrep parses manifest files or lockfiles in any directory or subdirectory. Some package managers, such as npm or yarn, have support for Workspaces, which can affect Semgrep’s parsing behavior. If you use workspaces, reach out to Support for assistance in setting up Semgrep Supply Chain. See Supported languages > Semgrep Supply Chain for more information.