Dependency List MVC
Problem to solve
Users need easy access to the Dependency List (sometimes called a Bill of Materials (BOM)) for their projects.
This can be done via a dedicated view, accessible from the left sidebar menu.
Delaney, Development Team Lead
Sam, Security Analyst
We can create a new menu entry Project > Dependency List. This will show a list of dependencies and their versions, detected during CI/CD jobs.
See https://gitlab.com/gitlab-org/gitlab-ee/issues/10071 for more information on how the data is collected.
Users will be able to export the Dependency List in JSON format from the UI.
We will collect usage information via a usage ping counter of the number of views on the Dependency List page per project.
Permissions and Security
The Dependency List can be accessed by anyone who has access to the repository. Additional information, such as security results, will be accessible based on the specific permissions for those details.
|Dependency List view|
Edge case designs:
|Job not set up or has not yet run for the first time|Job failed to generate dependency list|Could not locate dependency files|
We need to add documentation for the Dependency List to our docs. This is very relevant for compliance.
What does success look like, and how can we measure that?
Number of page views for the Dependency List.
What is the type of buyer?