Dependency Management Data

What is it?

What can it tell me?

Have you ever wondered any of the below?

• I wish I had an SQL database, filled with information about all my projects' dependencies that I could run queries against
• What is my most-used dependency across all my projects?
• What is my most-used indirect/transitive dependency across all my projects?
• How is Open Source being used across the organisation?
• What languages and frameworks are being used at my company?
• How much of an effect is the archiving of the Gorilla Toolkit for Go going to have across my organisation?
• How much of an effect is Docker Inc sunsetting Free Team orgs going to have across my organisation? (Answer using DMD)
• What's the distribution of versions of our internal libraries across the organisation?
• Do I use any software that's end-of-life?
• Do I use any software that's got any CVEs?
• What projects can/should I send financial contributions to? (See also StackAid)

If so, this suite of Free and Open Source software is for you. You can get a similar offering to some vendors, completely for free 🤑

How does it work?

There is a command-line tool, dmd, which aims to make this an easier way to interact with the data.

Once you have collected the data through one of the supported tools you can then import it.

Once imported, you can use the inbuilt dmd-web tool to get a Web frontend (including SQLite frontend via Datasette), load it locally through your preferred SQLite interface, or use one of the built-in reports.

If you want more of an idea of the command-line tool before you download it, check out the docs for dmd.

How do I get started?

With my own data

Check out the Getting Started cookbook.

With the example data

Check out the Getting Started (with the example data) cookbook.

Where can I learn more?

There are several linked blog posts and talks on the /related page.