SPIKE: Look at deps.dev non-license data sources

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Topic to Evaluate

License data coming from deps.dev was evaluated in SPIKE: Investigate deps.dev as a data source fo... (#439634 - closed) • Igor Frenkel • 16.10 • On track. There is other data available under the bigquery dataset and could be of use https://docs.deps.dev/bigquery/v1/#schema.

This issue is meant for investigating this data.

Tasks prior to evaluation

Tasks to Evaluate

Advisory data: could it be used with CVS (e.g. cargo advisories). Also consider https://osv.dev/ as it may be refreshed more often as it's the data source used for deps.dev anyway.
Graph data: could it be useful for reachability analysis.
Project data: could it be used for package quality scoring (stars count, forks count, ossfuzz record).

Timebox

4d

Team

Add workflowplanning breakdown typefeature and the corresponding ~devops::<stage> and ~group::<group> labels.
Ping the PM and EM.

Edited Sep 04, 2025 by 🤖 GitLab Bot 🤖