dependency-management-data is a set of tooling that makes it easier to understand the usage of Open Source and internal dependencies in an organisation, taking data from Renovate, GitHub Dependabot, or Software Bill of Materials (SBOMs) and providing an SQLite database that can be used to query it.
Alongside this base functionality, it’s possible to write “advisories” that flag the usage of certain dependencies, for example “this internal library has a security vulnerability” or “this Open Source project is no longer maintained”.
Going a step further, it’s now possible to write “policies” using Open Policy Agent, giving much more powerful control over dependency usage and leveraging the excellent support Rego and OPA have for common operations.
Inventors
- Jamie Tanna in the OPA Ecosystem
Labels

| Label | Value |
|---|---|
| Category | tooling |
| Layer | shell |