List of all the dependencies (Bill Of Materials)
Problem to solve
Modern applications leverage libraries and dependencies to reuse existing code. Developers should be aware of the list of these dependencies.
This information may already be available in the repo itself, but it is language-dependent (e.g., Gemfile.lock) and not easily accessible.
A first-class visualization of the dependencies could make it easier to consume.
There are many details that can be shown for each dependency:
- name
- version
- link to home/docs
- dependency scanning results
- license management results
- ...more
Further details
This idea came from talking with @plafoucriere about dependency tracking and how people may need to have information available. The discussion started about having dependency scanning and license management results in the same dependency-centric report, as other SCA tools do.
Switching the focus to the pure dependency list opens this feature to additional information, and it can be extended to support what was in the original idea, plus more.
Proposal
MVC
Add a menu entry where dependencies of the current project are listed. Display name and version.
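The following Ruby example is added here and is not part of the original proposal or GitLab's code. It derives the name/version list described in the MVC from a Gemfile.lock and marks which entries are direct dependencies and which are transitive. The lockfile content is constructed, and `Dependency` and `parse_gemfile_lock` are hypothetical names.

```ruby
# Added example: derive a name/version dependency list from Gemfile.lock text.
# SAMPLE_LOCKFILE is constructed for illustration; Dependency and
# parse_gemfile_lock are hypothetical names, not GitLab code.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.4.0)
      nokogiri (1.10.4)
        mini_portile2 (~> 2.4.0)
      rack (2.0.7)

  PLATFORMS
    ruby

  DEPENDENCIES
    nokogiri
    rack (~> 2.0)

  BUNDLED WITH
     2.0.2
LOCK

Dependency = Struct.new(:name, :version, :direct)

def parse_gemfile_lock(text)
  section = nil
  resolved = {}   # gem name => exact locked version
  direct = []     # names declared in the Gemfile itself
  text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A[A-Z][A-Z ]*\z/)
      section = line                      # unindented header: GEM, GIT, PATH, DEPENDENCIES, ...
    elsif %w[GEM GIT PATH].include?(section) &&
          (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      resolved[m[1]] = m[2]               # 4-space indent: locked gem; 6-space lines are constraints
    elsif section == "DEPENDENCIES" && (m = line.match(/\A {2}([^\s!]+)/))
      direct << m[1]                      # a trailing "!" (explicit source) is dropped from the name
    end
  end
  resolved.sort.map { |name, version| Dependency.new(name, version, direct.include?(name)) }
end

if __FILE__ == $PROGRAM_NAME
  parse_gemfile_lock(SAMPLE_LOCKFILE).each do |d|
    puts format("%-16s %-10s %s", d.name, d.version, d.direct ? "direct" : "transitive")
  end
end
```

Transitive entries such as `mini_portile2` never appear in the Gemfile, which is why the list is built from the lock file rather than the manifest.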
Further improvements
If dependency scanning or license management is enabled, show results for each dependency that has a match in the list.
What does success look like, and how can we measure that?
Number of accesses to the list view.