Dependency Management Data

What is it?

Dependency Management Data (DMD) is a set of tooling to get a better understanding of the use of dependencies across your organisation.

The aim is to provide you with a set of queryable data about how your projects use configured, so you can target changes across your projects and organisation more appropriately.

Have you ever wondered any of the below?

• I wish I had an SQL database, filled with information about all my projects' dependencies that I could run queries against
• What is my most-used dependency across all my projects?
• What is my most-used indirect/transitive dependency across all my projects?
• How is Open Source being used across the organisation?
• What languages and frameworks are being used at my company?
• How much of an effect is the archiving of the Gorilla Toolkit for Go going to have across my organisation?
• How much of an effect is Docker Inc sunsetting Free Team orgs going to have across my organisation? (Answer using DMD)
• What's the distribution of versions of our internal libraries across the organisation?
• Do I use any software that's end-of-life?
• Do I use any software that's got any CVEs?
• What projects can/should I send financial contributions to? (See also StackAid)

If so, this suite of Free and Open Source software is for you. You can get a similar offering to some vendors, completely for free 🤑

How does it work?

There is a command-line tool, dmd, which aims to make this an easier way to interact with the data.

Once you have collected the data through one of the supported tools you can then import it.

Once imported, you can either jump into the built SQLite database and play around with the data, use a tool like Datasette to interactively explore and visualise the data, or use one of the built-in reports.

If you want more of an idea of the command-line tool before you download it, check out the docs for dmd.

How do I get started?

It's best to check out the example project, which provides some a pre-seeded database, and the associated data exports that you can test the experience with, as well as seeing how it has configured the tooling to build the database.

Some examples of queries:

• Show the use of unstable versions - select * from renovate where version like '0.%' or version like 'v0.%';
• Show the list of packages by package manager - SELECT package_manager, count(*) from renovate group by package_manager order by count(*) desc;