
[FE] Integrate with API data for Project dependency

For better tracking, see the issue for the Group implementation: [FE] Integrate with API data for Group dependency (#524374 - closed)

Requirements

  • Connect the UI with the "dependency API", which will provide:
    • whether the dependency is transitive
    • the list of dependency paths

🏗️ Proposed Response

TBD

ℹ️ Current Structure

Group

ee/app/controllers/groups/dependencies_controller.rb

render json: dependencies_serializer.represent(dependencies)

Example:

Example Response
{
    "dependencies": [
        {
            "name": "rubyzip",
            "packager": "bundler",
            "version": "1.2.1",
            "licenses": [
                {
                    "spdx_identifier": "BSD-2-Clause",
                    "name": "BSD 2-Clause \"Simplified\" License",
                    "url": "https://spdx.org/licenses/BSD-2-Clause.html"
                }
            ],
            "occurrence_count": 1,
            "project_count": 1,
            "component_id": 2099137,
            "occurrence_id": 1695105957,
            "vulnerability_count": 4
        },

Location

[Screenshots: locations response; location endpoint]
Example Response
{
    "locations": [
        {
            "location": {
                "blob_path": "/gitlab-examples/security/security-reports/-/blob/d5e1764e1d7a2b43eb00fab9a378a9e06655a19f/dependency-scanning-files/Gemfile.lock",
                "path": "dependency-scanning-files/Gemfile.lock"
            },
            "project": {
                "name": "security-reports"
            }
        }
    ]
}

Project

ee/app/controllers/projects/dependencies_controller.rb

render json: serializer.represent(dependencies)

Example: https://gitlab.com/gitlab-org/govern/threat-insights-demos/frontend/security-reports/-/dependencies

Example Response
{
    "dependencies": [
        {
            "name": "activerecord",
            "packager": "bundler",
            "version": "5.0.0",
            "location": {
                "blob_path": "/gitlab-org/govern/threat-insights-demos/frontend/security-reports/-/blob/225fa090f92d057854a68e9f8e071f86523be984/dependency-scanning-files/Gemfile.lock",
                "path": "dependency-scanning-files/Gemfile.lock",
                "top_level": false,
                "ancestors": []
            },
            "licenses": [
                {
                    "spdx_identifier": "MIT",
                    "name": "MIT License",
                    "url": "https://spdx.org/licenses/MIT.html"
                }
            ],
            "occurrence_id": 4546593244,
            "vulnerability_count": 3
        },
Edited by Samantha Ming
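
An added example, not part of the original issue or GitLab's code: one way the frontend could map the current project response to the two values in the requirements, using `top_level` and `ancestors`. The helper names, the `{ name, version }` ancestor shape and its root-first ordering are assumptions, and the sample data is constructed.

```javascript
// Constructed sample shaped like the project response above. The ancestor
// objects ({ name, version }, root first) are an assumption: the page only
// shows an empty "ancestors" array.
const LOCKFILE = 'dependency-scanning-files/Gemfile.lock';
const sampleResponse = {
  dependencies: [
    { name: 'activerecord', version: '5.0.0',
      location: { path: LOCKFILE, top_level: false, ancestors: [] } },
    { name: 'activesupport', version: '5.0.0',
      location: { path: LOCKFILE, top_level: false,
        ancestors: [{ name: 'rails', version: '5.0.0' },
                    { name: 'activerecord', version: '5.0.0' }] } },
    { name: 'rails', version: '5.0.0',
      location: { path: LOCKFILE, top_level: true, ancestors: [] } },
    // Group-level items carry no inline location (see the Group response).
    { name: 'rubyzip', version: '1.2.1', occurrence_count: 1 },
  ],
};

const label = ({ name, version }) => (version ? `${name}@${version}` : name);

// Hypothetical helper: derives "is transitive" and the displayable paths.
function toDependencyViewModel(dep) {
  const location = dep.location;
  if (!location || typeof location.top_level !== 'boolean') {
    // No evidence either way: never present the dependency as direct.
    return { name: dep.name, isTransitive: null, paths: [] };
  }
  const ancestors = Array.isArray(location.ancestors) ? location.ancestors : [];
  const isTransitive = !location.top_level;
  // Transitive with no ancestors means the path is unknown, not absent.
  const paths = isTransitive && ancestors.length > 0
    ? [[...ancestors.map(label), label(dep)].join(' > ')]
    : [];
  return { name: dep.name, isTransitive, paths };
}

// Hypothetical helper: tolerates a missing or malformed response body.
function mapDependencies(response) {
  const list = response && Array.isArray(response.dependencies)
    ? response.dependencies
    : [];
  return list.map(toDependencyViewModel);
}
```

The `activerecord` entry mirrors the response above: `top_level` is false while `ancestors` is empty, so the UI should show it as transitive with an unknown path rather than as a direct dependency.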