# `MobDev.SecurityScan.Layers.SwiftDeps`
[🔗](https://github.com/genericjam/mob_dev/blob/master/lib/mob_dev/security_scan/layers/swift_deps.ex#L1)

Audits iOS dependencies via `osv-scanner` recursively over the
`ios/` directory.

## What gets scanned

`osv-scanner` understands:

  * `Package.resolved` — Swift Package Manager (when SwiftPM is used)
  * `Podfile.lock` — CocoaPods

Mob's iOS template does not depend on either by default — the iOS
bridge is built with raw `.m` / `.swift` files plus the bundled OTP
static libs (libcrypto.a, libbeam.a, etc.). Those static libs are
audited by the `:bundled_runtime` layer; this layer only covers
*application-level* iOS dependencies.

In a stock Mob app this layer typically reports `:not_applicable`,
which is the correct signal — there's no iOS dependency manifest
to audit because the app pulls nothing from CocoaPods/SwiftPM.

---

*Consult [api-reference.md](api-reference.md) for complete listing*