dmd.tanna.dev

module
v0.94.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: Apache-2.0

README

Dependency Management Data (DMD)

Dependency Management Data (DMD) is a set of tooling to get a better understanding of the use of dependencies across your organisation.

The project aims to give you a queryable interface into how Open Source and internal dependencies are used, so you can target changes across your projects and organisation more appropriately.

There is a more detailed documentation site at dmd.tanna.dev.

OpenSSF Best Practices

Examples + demos

There are several demos available on the documentation site, which provide examples of how DMD works using real data.

The web application can be found at dependency-management-data-example.fly.dev/, which uses the same seeded data from the demos.

Command-line tool

DMD exists as a command-line tool to simplify working with data sources used for dependency-management-data.

The command-line tool has further documentation available.

Installation

Latest Release

Pre-built releases can be downloaded from the GitLab Package Registry.

Alternatively, you can install it yourself by running:

go install dmd.tanna.dev/cmd/dmd@latest
Usage

For instance, if you had used renovate-graph to create a directory called renovate, you could run:

dmd db init --db dmd.db
# notice the quoting around the argument, to avoid shell globbing
dmd import renovate --db dmd.db 'renovate/*.json'

This will then import the files into dmd.db which can then be queried using i.e.:

sqlite3 dmd.db
SELECT * from renovate;
Datasources

License

Licensed under the Apache-2.0 license. Documentation licensed under Creative Commons Attribution Non Commercial Share Alike 4.0 International.

Directories

Path Synopsis
cmd
dmd
dmd-graph
dmd-graph/cmd
dmd-web
dmd-web/cmd
dmd/cmd
gen-endoflifedate-parser
gendoc
renovate-to-sbom
renovate-to-sbom/cmd
table-joiner
internal
advisory
advisory/db
contrib
datasources
Datasources are a source of data for a list of dependencies that a project(s) may have, and are likely an implementation of a `repository`
 Datasources are a source of data for a list of dependencies that a project(s) may have, and are likely an implementation of a `repository`
datasources/awselasticache
datasources/awselasticache/db
datasources/awslambda
datasources/awslambda/db
datasources/awsrds
datasources/awsrds/db
datasources/dependabot
datasources/queries
datasources/renovate
datasources/renovate/db
datasources/sbom
datasources/sbom/cyclonedx
datasources/sbom/db
datasources/sbom/spdx
dependencyhealth
dependencyhealth/db
depsdev
depsdev/db
domain
ecosystems
Package ecosystems provides primitives to interact with the openapi HTTP API.
 Package ecosystems provides primitives to interact with the openapi HTTP API.
endoflifedate
endoflifedate/client
Package client provides primitives to interact with the openapi HTTP API.
 Package client provides primitives to interact with the openapi HTTP API.
endoflifedate/db
externaldata
externaldata/db
graph
graph/db
graph/model
libyear
libyear/db
licenses
licenses/db
metadata
metadata/db
ownership
ownership/db
policies
policies/db
reports
reports/db
repositories
Repositories contains a generic interface for interacting with repositories of data.
 Repositories contains a generic interface for interacting with repositories of data.
repositorymetadata
repositorymetadata/db
securityscorecards
sensitivepackages
Sensitive Packages are a way to mark a package as 'sensitive', such that the package's details should not be processed through any external systems.
 Sensitive Packages are a way to mark a package as 'sensitive', such that the package's details should not be processed through any external systems.
sensitivepackages/db
view

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.