Add Dependency Scanning information to the Dependency List API

Problem to solve

As an extension of https://gitlab.com/gitlab-org/gitlab-ee/issues/10077, we need to bring the security information to the dependency list API.

Intended users

Proposal

  • Add dependency scanning information to the current API endpoint response
  • Exclude this information when the user has insufficient permissions
  • Add documentation

Permissions and Security

Permissions to see security information should be consistent with the permissions for the same information in the merge request widget.

Documentation

We need to document which information is available and explain the possible values.
We can also cross-link this from the Dependency Scanning documentation.

Testing

Usual specs for API endpoints.

What does success look like, and how can we measure that?

The number of calls to the Dependency List API (should already be implemented).

What is the type of buyer?

GitLab Ultimate

Links / references

Edited by Tetiana Chupryna