Implement dependencies GraphQL endpoint
Why are we doing this work
The dependency list currently uses a private REST API (the dependencies controller), in order to fetch dependency data. This causes us to duplicate code with the dependencies API
Proposal:
- Implement a GraphQL resolver for dependencies
- Use a feature flag to toggle between dependencies controller and the GraphQL API on the frontend (#393061 (closed))
Relevant links
Non-functional requirements
-
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
Verification steps
-
Submit this graphQL query:
query { project(fullPath: "gitlab-org/gitlab") { dependencies { nodes { id name version location { path blobPath } } } } }
Note that location data is currently null because dependency scanning is not providing it correctly in the SBoM.
Edited by Brian Williams