How does Gemnasium know the dependencies of my project?

When the dependency files of your project are updated, Gemnasium parses the files and extracts the dependencies. Extracted information includes: the package the project depends on, the requirement and the locked version.

Gemnasium can parse a variety of dependency files including: Gemfile (Bundler), requirements.txt (pip), package.json (npm), composer.json and bower.json.

If the project is synced with a repo hosted on GitHub or BitBucket, Gemnasium can detect whenever the dependency files are modified.

Feedback and Knowledge Base