debian-mirror-gitlab/doc/api/dependencies.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

89 lines
3.2 KiB
Markdown
Raw Normal View History

2021-01-29 00:20:46 +05:30
---
2021-06-08 01:23:25 +05:30
stage: Secure
group: Composition Analysis
2022-11-25 23:54:43 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2021-01-29 00:20:46 +05:30
---
2019-09-30 21:07:59 +05:30
# Dependencies API **(ULTIMATE)**
2021-02-22 17:27:13 +05:30
WARNING:
2023-06-20 00:43:36 +05:30
This API is in an [Experiment](../policy/alpha-beta-support.md#experiment) and considered unstable.
2019-09-30 21:07:59 +05:30
The response payload may be subject to change or breakage
across GitLab releases.
2021-09-30 23:02:18 +05:30
> - Introduced in GitLab 12.1.
> - Pagination introduced in 14.4.
2019-12-04 20:38:33 +05:30
Every call to this endpoint requires authentication. To perform this call, user should be authorized to read repository.
To see vulnerabilities in response, user should be authorized to read
2022-03-02 08:16:31 +05:30
[Project Security Dashboard](../user/application_security/security_dashboard/index.md).
2019-09-30 21:07:59 +05:30
## List project dependencies
2019-12-04 20:38:33 +05:30
Get a list of project dependencies. This API partially mirroring
2019-10-12 21:52:04 +05:30
[Dependency List](../user/application_security/dependency_list/index.md) feature.
2019-09-30 21:07:59 +05:30
This list can be generated only for [languages and package managers](../user/application_security/dependency_scanning/index.md#supported-languages-and-package-managers)
2019-12-04 20:38:33 +05:30
supported by Gemnasium.
2019-09-30 21:07:59 +05:30
2020-04-08 14:13:33 +05:30
```plaintext
2019-09-30 21:07:59 +05:30
GET /projects/:id/dependencies
2019-12-04 20:38:33 +05:30
GET /projects/:id/dependencies?package_manager=maven
GET /projects/:id/dependencies?package_manager=yarn,bundler
2019-09-30 21:07:59 +05:30
```
| Attribute | Type | Required | Description |
| ------------- | -------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
2023-04-23 21:23:45 +05:30
| `id` | integer/string | yes | The ID or [URL-encoded path of the project](rest/index.md#namespaced-path-encoding). |
2023-06-20 00:43:36 +05:30
| `package_manager` | string array | no | Returns dependencies belonging to specified package manager. Valid values: `bundler`, `composer`, `conan`, `go`, `gradle`, `maven`, `npm`, `nuget`, `pip`, `pipenv`, `pnpm`, `yarn`, `sbt`, or `setuptools`. |
2019-09-30 21:07:59 +05:30
2020-03-13 15:44:24 +05:30
```shell
2020-06-23 00:09:42 +05:30
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/4/dependencies"
2019-09-30 21:07:59 +05:30
```
Example response:
```json
[
{
"name": "rails",
"version": "5.0.1",
"package_manager": "bundler",
2019-12-04 20:38:33 +05:30
"dependency_file_path": "Gemfile.lock",
2022-11-25 23:54:43 +05:30
"vulnerabilities": [
{
"name": "DDoS",
"severity": "unknown",
"id": 144827,
"url": "https://gitlab.example.com/group/project/-/security/vulnerabilities/144827"
}
],
"licenses": [
{
"name": "MIT",
"url": "https://opensource.org/licenses/MIT"
}
]
2019-09-30 21:07:59 +05:30
},
{
2022-11-25 23:54:43 +05:30
"name": "hanami",
"version": "1.3.1",
"package_manager": "bundler",
"dependency_file_path": "Gemfile.lock",
"vulnerabilities": [],
"licenses": [
{
"name": "MIT",
"url": "https://opensource.org/licenses/MIT"
}
]
}
2019-09-30 21:07:59 +05:30
]
```
2021-09-30 23:02:18 +05:30
## Dependencies pagination
By default, `GET` requests return 20 results at a time because the API results
are paginated.
2023-04-23 21:23:45 +05:30
Read more on [pagination](rest/index.md#pagination).