  • #10075
Issue created Feb 28, 2019 by Fabio Busatto (@bikebilly, Contributor)

Dependency List MVC

Problem to solve

Users need to easily access the Dependency List (sometimes called the Bill Of Material (BOM)) for their projects.

This can be done via a dedicated view, accessible from the left sidebar menu.

Target audience

  • Delaney, Development Team Lead

  • Sam, Security Analyst

Proposal

We can create a new menu entry Project > Dependency List. This will show a list of dependencies and their versions, detected during CI/CD jobs.

See https://gitlab.com/gitlab-org/gitlab-ee/issues/10071 for more information on how data is collected.

Users will be able to export the Dependency List in JSON format from the UI.

We will collect usage information via a usage ping counter of the number of views on the Dependency List page per project.

Permissions and Security

The Dependency List can be accessed by anyone who has access to the repository. Additional information, like security results, will be accessible based on the specific permissions for those details.

Design

Dependency List view
List-view

Edge cases:

Edge case designs:

  • Job not set-up or has not run yet for the first time: empty-state
  • Job failed to generate dependency list: warning-when-not-updated
  • Could not locate dependency files: Alert-some-or-all-files-not-found

Assets:

👉 Spec Previews

👉 Empty state illustration: Done, needs to be added to Gitlab-svgs.

Documentation

We need to add documentation for Dependency List in our docs. This is very relevant for compliance.

What does success look like, and how can we measure that?

Number of page views for the Dependency List.

What is the type of buyer?

Compliance dept.

Edited May 16, 2019 by Andy Volpe