add docs

afdesk · Aug 22, 2024 · 5e0b594 · 5e0b594
1 parent adb7ef5
commit 5e0b594
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/docs/docs/coverage/language/python.md b/docs/docs/coverage/language/python.md
@@ -23,7 +23,7 @@ The following table provides an outline of the features Trivy offers.
 
 | Package manager | File             | Transitive dependencies | Dev dependencies | [Dependency graph][dependency-graph] | Position | [Detection Priority][detection-priority] |
 |-----------------|------------------|:-----------------------:|:----------------:|:------------------------------------:|:--------:|:----------------------------------------:|
-| pip             | requirements.txt |            -            |     Include      |                  -                   |    ✓     |                    -                     |
+| pip             | requirements.txt |            -            |     Include      |                  -                   |    ✓     |                    ✓                     |
 | Pipenv          | Pipfile.lock     |            ✓            |     Include      |                  -                   |    ✓     |                Not needed                |
 | Poetry          | poetry.lock      |            ✓            |     Exclude      |                  ✓                   |    -     |                Not needed                |
 
@@ -42,8 +42,17 @@ Trivy parses your files generated by package managers in filesystem/repository s
 ### pip
 
 #### Dependency detection
-Trivy only parses [version specifiers](https://packaging.python.org/en/latest/specifications/version-specifiers/#id5) with `==` comparison operator and without `.*`.
-To convert unsupported version specifiers - use the `pip  freeze` command.
+By default, Trivy only parses [version specifiers](https://packaging.python.org/en/latest/specifications/version-specifiers/#id5) with `==` comparison operator and without `.*`.
+
+Using the [--detection-priority comprehensive](#detection-priority) option ensures that the tool establishes a minimum version, which is particularly useful in scenarios where identifying the exact version is challenging. 
+In such case Trivy parses specifiers `>=`,`~=` and a trailing `.*`.
+
+```
+keyring >= 4.1.1            # Minimum version 4.1.1
+Mopidy-Dirble ~= 1.1        # Minimum version 1.1
+python-gitlab==2.0.*        # Minimum version 2.0.0
+```
+Also, there is a way to convert unsupported version specifiers - use the `pip  freeze` command.
 
 ```bash
 $ cat requirements.txt