Make sure to record specific lock file (source) of dependency

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Note to wider-community, sales, support and customer success

As always we welcome contributions so feel free to ask questions the PM of Composition Analysis if you are unsure about what needs to be done here and want to contribute the fix yourself!

NOTE if you are a user who also would like to see this feature, please UPVOTE 👍 it and comment to help it get prioritized (So it’s raised as part of our sensing mechanisms. Comments ideally should include what you want, how it would help you, what your pain point/frustration is today, and anything else that can help us focus on solving the problem.

If you are a team member commenting on behalf of a user (not ideal, as you can only upvote once!) Please remember to upvote and include as much information (what they are trying to solve for, their setup) as possible in addition to a salesforce or zendesk link.

Release notes

Problem to solve

Users often want to quickly assess how and when a dependency was added to a project. in some cases (monoliths) they need to know which specific lock file it was so they know which team is the owner.

We should display this (path) on the finding details, the dependency list, and the exports instead of just the name of the lock file (where applicable)

Proposal