# PHP - Composer
The support for this language is currently in beta. Vulnerability results may be less accurate than normal.
We support tracking PHP dependencies installed using Composer dependency manager (opens new window). Either by looking at its
composer.json file or lock file
composer.lock (recommended). You will get the most accurate results if you let us scan your
composer.lock file because it contains resolved versions of your direct and indirect dependencies, hence we recommend to keep this file in your repository.
composer.lock file is generated whenever one of the following is run:
By keeping both your
composer.lock files committed to your repository, we will automatically scan them for dependencies, vulnerabilities and licenses when you have done any of our integrations to your CI/CD pipeline.