index.md 2.3 KB
Newer Older
1 2
# Dependency List **(ULTIMATE)**

3
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/10075) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 12.0.
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

The Dependency list allows you to see your project's dependencies, and key
details about them, including their known vulnerabilities. To see it,
navigate to **Security & Compliance > Dependency List** in your project's
sidebar.

## Requirements

1. The [Dependency Scanning](../dependency_scanning/index.md) CI job must be
   configured for your project.
1. Your project uses at least one of the
   [languages and package managers](../dependency_scanning/index.md#supported-languages-and-package-managers)
   supported by Gemnasium.

## Viewing dependencies

20
![Dependency List](img/dependency_list_v12_3.png)
21 22 23 24 25 26 27 28 29 30

Dependencies are displayed with the following information:

| Field     | Description |
| --------- | ----------- |
| Status    | Displays whether or not the dependency has any known vulnerabilities |
| Component | The dependency's name |
| Version   | The exact locked version of the dependency your project uses |
| Packager  | The packager used to install the depedency |
| Location  | A link to the packager-specific lockfile in your project that declared the dependency |
31
| License   | Links to dependency's software licenses |
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46

Dependencies shown are initially sorted by their names. They can also be sorted
by the packager they were installed by, or by the severity of their known
vulnerabilities.

There is a second list under the `Vulnerable components` tab displaying only
those dependencies with known vulnerabilities. If there are none, this tab is
disabled.

### Vulnerabilities

If a dependency has known vulnerabilities, they can be viewed by clicking on the
`Status` cell of that dependency. The severity and description of each
vulnerability will then be displayed below it.

47 48
## Licenses

49
> [Introduced](https://gitlab.com/gitlab-org/gitlab/issues/10536) in GitLab Ultimate 12.3.
50 51 52 53

If the [License Compliance](../license_compliance/index.md) CI job is configured,
the [discovered licenses](../license_compliance/index.md#supported-languages-and-package-managers) will be displayed on this page.

54 55 56 57
## Downloading the Dependency List

Your project's full list of dependencies and their details can be downloaded in
`JSON` format by clicking on the download button.