Dependency List private API endpoint
This issue follows https://gitlab.com/gitlab-org/gitlab-ee/issues/11060 and its aim is to have a working endpoint that returns real data about dependencies used in the project.
List of issues
- Parse the "dependency_files" field of the gl-dependency-scanning-report.json report.
- Prepare that information to be consumed by the frontend without additional alteration. All changes should be done on the backend side.
- Alter the current endpoint response and remove all mock data.
- Paginate the returned dependencies if the page parameter is present in the request; otherwise, return the full list.
- Add handling for known edge cases.
- Add a usage ping for this endpoint. See https://gitlab.com/gitlab-org/gitlab-ee/issues/10075#note_167662681 for more info.
Request and response format
GET /:namespace_id/:project_id/security/dependencies.json
{
  "dependencies": [
    {
      "name": "rails",
      "packager": "Ruby (Bundler)",
      "location": {
        "blob_path": "/group-name/project-name/blob/deb6f84e91fe4d21daa6b5558c517254ea2668a3/Gemfile.lock",
        "path": "Gemfile.lock"
      },
      "version": "5.2.3"
    },
    ...
  ],
  "report": {
    "status": "some_status",
    "job_path": "some_ci_job_path"
  }
}
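As an added illustration of the backend work in the issue list above (not code from GitLab itself), the following flattens a "dependency_files" section into the response entries shown above and paginates only when a page is requested. The report field names (path, package_manager, dependencies, package.name, version), the packager display-name mapping and the blob path prefix are assumptions for this example; the sample report is constructed.

```python
import json

# Constructed sample of the "dependency_files" section of a
# gl-dependency-scanning-report.json (field shape is an assumption).
SAMPLE_REPORT = json.dumps({
    "dependency_files": [
        {"path": "Gemfile.lock", "package_manager": "bundler",
         "dependencies": [{"package": {"name": "rails"}, "version": "5.2.3"},
                          {"package": {"name": "nokogiri"}, "version": "1.10.3"}]},
        {"path": "package.json", "package_manager": "npm",
         "dependencies": [{"package": {"name": "lodash"}, "version": "4.17.11"}]},
        # edge case: a dependency file the scanner found but could not parse
        {"path": "pom.xml", "package_manager": "maven", "dependencies": []},
    ]
})

# Assumed mapping from the scanner's package_manager value to the display name.
PACKAGER_NAMES = {"bundler": "Ruby (Bundler)", "npm": "JavaScript (npm)"}


def build_dependency_list(report_json, blob_prefix):
    """Flatten dependency_files into the entries the endpoint returns."""
    report = json.loads(report_json)
    entries = []
    for dep_file in report.get("dependency_files") or []:
        path = dep_file.get("path", "")
        manager = dep_file.get("package_manager", "unknown")
        packager = PACKAGER_NAMES.get(manager, manager)
        for dep in dep_file.get("dependencies") or []:
            name = (dep.get("package") or {}).get("name")
            if not name:
                continue  # edge case: malformed entry without a package name
            entries.append({
                "name": name,
                "packager": packager,
                # only the file path is known; the scanner gives no line number
                "location": {"blob_path": f"{blob_prefix}/{path}", "path": path},
                "version": dep.get("version"),
            })
    return entries


def paginate(entries, page=None, per_page=20):
    """Return the full list when no page is requested, otherwise one page."""
    if page is None:
        return entries
    if page < 1:
        raise ValueError("page must be >= 1")
    start = (page - 1) * per_page
    return entries[start:start + per_page]
```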
What changed since 11.11?
- type => packager
- location.blob_path provides only information about the file path, not the line number of the dependency, because the current scanner isn't able to provide this information.
- dependency.requirements is removed because the scanner can't provide this information.
- We now have, in the same response, info about dependencies and the report status.
Edge case statuses
Note: How the backend will know about these statuses: TBA
Note: If everything is OK, status ok is returned.
Edited by Tetiana Chupryna