Report asdf dependencies
Dependency Scanning supports many different languages and package managers, but generic/system package managers like ASDF are not supported yet.
Proposal
Parse and report asdf files (.tool-versions
) dependencies.
We should explore if other files should/could be supported the same way. See https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/renovate-common.json (search for fileMatch
) for files to consider.
Moonshot
If we manage to get a GitLab feature to automate dependency updates, we can unify how we report and update dependencies. The same metadata would be used to fill SBOMs (dependency reports) and where to monitor for new versions for the automated updates part.
Edited by Philippe Lafoucrière