Add Dependency Scanning information to the Dependency List API
Problem to solve
As an extension of https://gitlab.com/gitlab-org/gitlab-ee/issues/10077, we need to bring the security information to the dependency list API.
Intended users
Proposal
- Add dependency scanning into current API endpoint response
- Exclude this info in case of insufficient permissions
- Add documentation
Permissions and Security
Permissions to see security information should be consistent with permissions of the same information in the merge request widget.
Documentation
We need to document which information is available and explain the possible values.
We can also crosslink this from the Dependency Scanning documentation.
Testing
Usual specs for API endpoints.
What does success look like, and how can we measure that?
The number of calls for the Dependency List API (should be already implemented).
What is the type of buyer?
Links / references
Edited by Tetiana Chupryna
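A sketch of the permission rule in the proposal, as an added example that is not GitLab's code and not part of the original issue: the security key is left out of each dependency entry when the caller lacks access, and the merge request widget stand-in uses the same predicate so the two surfaces cannot drift apart. The ability name, field names, classes and sample data are all hypothetical.

```ruby
require 'json'

# All names here (abilities, fields, classes) are hypothetical, not GitLab's.
User = Struct.new(:name, :abilities)

# One predicate shared by every surface that exposes scan results, so the
# API cannot drift from the merge request widget.
module SecurityPolicy
  def self.read_scan_results?(user)
    user.abilities.include?(:read_dependency_scanning)
  end
end

# Stand-in for the merge request widget: nil means "not shown".
def widget_findings(user, dependencies)
  return nil unless SecurityPolicy.read_scan_results?(user)

  dependencies.flat_map { |d| d[:vulnerabilities] }
end

# Dependency list response: the security key is omitted entirely for an
# unauthorized caller. Returning [] instead would read as "no findings".
def dependency_list(user, dependencies)
  allowed = SecurityPolicy.read_scan_results?(user)
  dependencies.map do |d|
    entry = { name: d[:name], version: d[:version] }
    entry[:vulnerabilities] = d[:vulnerabilities] if allowed
    entry
  end
end

# Constructed sample data.
DEPENDENCIES = [
  { name: 'example-lib', version: '1.2.3',
    vulnerabilities: [{ name: 'Sample finding', severity: 'high' }] },
  { name: 'other-lib', version: '0.9.0', vulnerabilities: [] }
].freeze

DEVELOPER = User.new('dev', [:read_dependency_scanning])
GUEST = User.new('guest', [])

if __FILE__ == $PROGRAM_NAME
  puts JSON.pretty_generate(dependency_list(DEVELOPER, DEPENDENCIES))
  puts JSON.pretty_generate(dependency_list(GUEST, DEPENDENCIES))
end
```

An endpoint spec for this behaviour would check both that the key is absent for the unauthorized caller and that no finding text appears anywhere in the serialized body.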