Backend: Parse and expose dependency path
backend sub-issue for #227620 (closed)
Problem to solve
The vulnerable dependency paths reported by the Dependency Scanning analyzers must be parsed by the backend and exposed to the frontend so that they can ultimately be displayed in the UI.
Proposal
- update Dependency Scanning report parser
- update entities used to present Dependency Scanning vulnerabilities
Endpoint / Data Structure
Potential Data Structure.
-
Endpoint:
/dependecies.json -
Path:
dependencies[].location. -
Structure
{
"ancestors":[
{
"name":"swell",
"version":"1.2"
},
{
"name":"emmajsq",
"version":"10.11"
}
],
"top_level": false
}-
top_levelsignals if it is top-level dependency
Implementation plan
-
define the new data structure added to what the existing /dependencies.jsonAPI endpoint returns -
update Dependency List parser and parser formatter, so that dependency paths are collected; update the specs and fixtures as well -
add dependency path to dependency API entity; update API schema and API specs
Further details
Permissions and Security
No change
Documentation
N/A
Availability & Testing
What does success look like, and how can we measure that?
When present in the Dependency Scanning reports, the dependency paths to the vulnerable dependencies are presented to the frontend.
Links / references
Edited by Tetiana Chupryna