-
Jamie Tanna authored
As part of #77, we proposed to add support for integration with `deps.dev` to look up package dependencies. To do this, we can add support for the `GetDependencies` endpoint on our `depsdev.Client`, and look up each dependency's dependency tree. This requires we introduce two new queries to Renovate + SBOMs to be able to query the existing data, including the full repo + ecosystem data. We can copy-paste the existing `Generate` functionality and tweak it to work for the dependency lookup. We make sure to trim down the requests we're sending with Renovate data as there's a lot of data that fails to be looked up without doing so. For now we can add support for the Maven ecosystem which appears to be the biggest concern, as Renovate nor SBOM exports we've got include the full dependency tree. Co-authored-by: Jamie Tanna <jamie.tanna@elastic.co>
b0f322f0
Loading