Dependency Management Data

What is it?

Dependency Management Data (DMD) is a set of tooling to get a better understanding of the use of dependencies across your organisation.

The project aims to give you a queryable interface into how Open Source and internal dependencies are used, so you can target changes across your projects and organisation more appropriately.

What can it tell me?

Have you ever wondered any of the below?

I wish I had an SQL database, filled with information about all my projects' dependencies that I could run queries against
How is Open Source being used across the organisation?
What languages and frameworks are being used at my company?

Or maybe you want to hear about some real-world Case Studies that dependency-management-data has helped solve?

Responding to the Log4shell incident: How an organisation could respond to the Log4Shell (CVE-2021-44228) security vulnerability, if they were using dependency-management-data.
Deliveroo and a potential race condition with a Kafka sidecar: How Deliveroo could understand, during an incident, which other services may be affected by a race condition in a dependency.
Elastic and understanding the spread of versions of `oapi-codegen`: How Elastic were able to easily discover what versions of the oapi-codegen OpenAPI-to-Go code generator was used across the organisation.

This suite of Free and Open Source software can give you a similar offering to some vendors, completely for free 🤑

How does it work?

There is a command-line tool, dmd, which aims to make this an easier way to interact with the data.

Once you have collected the data through one of the supported tools you can then import it.

Once imported, you can use the inbuilt dmd-web tool to get a Web frontend (including SQLite frontend via Datasette), load it locally through your preferred SQLite interface, or use one of the built-in reports.

If you want more of an idea of the command-line tool before you download it, check out the docs for dmd.

How do I get started?

With my own data

Check out the Getting Started cookbook or the Getting Started with SBOM data cookbook.

With the example data

Check out the Getting Started (with the example data) cookbook.

Where can I learn more?

Checking out the Cookbooks and Case Studies are a great start to understanding more about how to use dependency-management-data and the insight it can give you.

There are also several linked blog posts and talks on the /related page that may be worth looking into!