
API to retrieve Dependency List data

Problem to solve

This API exposes the data contained in the Dependency List so that you can build automated processes around it or feed it into external tools. It should make generating the dependency data needed for compliance reports easier and faster.

This is a public API that returns the contents of the list in JSON format.

Target audience

  • Delaney, Development Team Lead

  • Sam, Security Analyst

Proposal

Create a public API endpoint that returns the dependency list as JSON. Optionally, users can request additional information to be attached to each dependency, such as its security status.

Permissions and Security

The API enforces the same permissions that grant access to this information in the UI: a user who cannot view the Dependency List for a project must not be able to retrieve it through the API, and the optional security status is subject to the same check as the list itself.

Documentation

Add documentation and examples to our API docs. Mention the availability of APIs in the main BOM doc page.

What does success look like, and how can we measure that?

Number of API calls.

Implementation plan

Request and response schema

GET /projects/:id/dependencies

The endpoint supports filtering by package_manager, either as a single value (package_manager=...) or as several values (package_manager[]=...). Available values:

  • bundler
  • yarn
  • npm
  • maven
  • composer
  • pip

Example request

GET /projects/42/dependencies?package_manager=bundler
GET /projects/42/dependencies?package_manager[]=pip&package_manager[]=yarn

Response

[
  {
    "name": "dependency_name",
    "version": "version_number",
    "package_manager": "package_manager_name",
    "dependency_file_path": "path_to_package_file"
  },
  ...
]

Example response

[
  {
    "name": "mini_portile2",
    "version": "2.2.0",
    "package_manager": "bundler",
    "dependency_file_path": "rails/Gemfile.lock"
  },
  {
    "name": "nokogiri",
    "version": "1.8.0",
    "package_manager": "bundler",
    "dependency_file_path": "Gemfile.lock"
  }
]
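The following Ruby example is added here to illustrate the request and response schema above; it is not GitLab's implementation. It builds request paths in the two filter forms shown in the example requests, parses the package_manager parameter back out of a query string the way a Rack application would see it, validates requested values against the allow-list of package managers, filters a constructed sample response, and summarises it per package manager. The sample dependencies and the 400 error body for an unknown package_manager value are assumptions for illustration; the proposal does not specify how the endpoint responds to unknown filter values.

```ruby
require 'json'
require 'uri'

# Package managers the proposal lists as valid filter values.
PACKAGE_MANAGERS = %w[bundler yarn npm maven composer pip].freeze

# Constructed sample shaped like the response schema in the proposal.
# Not real project data.
SAMPLE_DEPENDENCIES = [
  { 'name' => 'mini_portile2', 'version' => '2.2.0',
    'package_manager' => 'bundler', 'dependency_file_path' => 'rails/Gemfile.lock' },
  { 'name' => 'nokogiri', 'version' => '1.8.0',
    'package_manager' => 'bundler', 'dependency_file_path' => 'Gemfile.lock' },
  { 'name' => 'requests', 'version' => '2.20.0',
    'package_manager' => 'pip', 'dependency_file_path' => 'requirements.txt' },
  { 'name' => 'lodash', 'version' => '4.17.11',
    'package_manager' => 'yarn', 'dependency_file_path' => 'yarn.lock' }
].freeze

# Client side: build the request path. One value uses package_manager=...,
# several use the package_manager[]=... form from the example requests.
def dependencies_path(project_id, package_managers: [])
  base = "/projects/#{Integer(project_id)}/dependencies"
  managers = Array(package_managers)
  return base if managers.empty?

  query =
    if managers.size == 1
      URI.encode_www_form('package_manager' => managers.first)
    else
      managers.map { |m| "package_manager[]=#{URI.encode_www_form_component(m)}" }.join('&')
    end
  "#{base}?#{query}"
end

# Server side: read the package_manager parameter out of the query string.
# Returns a String for package_manager=..., an Array for package_manager[]=...,
# or nil when the parameter is absent.
def parse_package_manager_param(query)
  pairs = URI.decode_www_form(query)
  array = pairs.select { |k, _| k == 'package_manager[]' }.map(&:last)
  return array unless array.empty?

  single = pairs.find { |k, _| k == 'package_manager' }
  single && single.last
end

# Server side: validate the filter against the allow-list before using it,
# then return only the matching dependencies. Status and error body shape
# are assumptions for illustration, not the proposal's specification.
def filter_dependencies(dependencies, package_manager_param)
  requested = Array(package_manager_param).map(&:to_s)
  unknown = requested - PACKAGE_MANAGERS
  unless unknown.empty?
    return { status: 400,
             body: { 'error' => "unknown package_manager: #{unknown.join(', ')}" } }
  end

  body =
    if requested.empty?
      dependencies
    else
      dependencies.select { |d| requested.include?(d['package_manager']) }
    end
  { status: 200, body: body }
end

# Consumer side: the kind of roll-up a compliance report would start from.
def count_by_package_manager(dependencies)
  dependencies.group_by { |d| d['package_manager'] }.transform_values(&:size)
end

if $PROGRAM_NAME == __FILE__
  path = dependencies_path(42, package_managers: %w[pip yarn])
  query = path.split('?', 2).last
  result = filter_dependencies(SAMPLE_DEPENDENCIES, parse_package_manager_param(query))
  puts "GET #{path} -> #{result[:status]}"
  puts JSON.pretty_generate(result[:body])
  puts count_by_package_manager(SAMPLE_DEPENDENCIES).inspect
end
```

Keeping the allow-list check on the server side matters even though the filter looks harmless: the parameter is user-controlled, and rejecting values outside the documented list keeps it from being passed through to whatever query backs the endpoint.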
Edited by Tetiana Chupryna