Dependency Management Data

What is it?

Dependency Management Data (DMD) is a set of tooling to get a better understanding of the use of dependencies across your organisation.

The aim is to provide you with a set of queryable data about how your projects use configured, so you can target changes across your projects and organisation more appropriately.

What can it tell me?

Have you ever wondered any of the below?

I wish I had an SQL database, filled with information about all my projects' dependencies that I could run queries against
What is my most-used dependency across all my projects?
What is my most-used indirect/transitive dependency across all my projects?
How is Open Source being used across the organisation?
What languages and frameworks are being used at my company?
How much of an effect is the archiving of the Gorilla Toolkit for Go going to have across my organisation?
How much of an effect is Docker Inc sunsetting Free Team orgs going to have across my organisation? (Answer using DMD)
What's the distribution of versions of our internal libraries across the organisation?
Do I use any software that's end-of-life?
Do I use any software that's got any CVEs?
What projects can/should I send financial contributions to? (See also StackAid)

If so, this suite of Free and Open Source software is for you. You can get a similar offering to some vendors, completely for free 🤑

How does it work?

There is a command-line tool, dmd, which aims to make this an easier way to interact with the data.

Once you have collected the data through one of the supported tools you can then import it.

Once imported, you can use the inbuilt dmd-web tool to get a Web frontend (including SQLite frontend via Datasette), load it locally through your preferred SQLite interface, or use one of the built-in reports.

If you want more of an idea of the command-line tool before you download it, check out the docs for dmd.

How do I get started?

With my own data

The blog post Getting started with Dependency Management Data is a good way to get started with your own data, and guides you through the process of getting started.

With the example data

If you don't (yet) want to use DMD with your own data, it's best to check out the example project, which provides some a pre-seeded database, and the associated data exports that you can test the experience with, as well as seeing how it has configured the tooling to build the database.

The example data has a corresponding deployment of the DMD web application at dependency-management-data-example.fly.dev.

Some examples of queries:

Show the use of unstable versions - select * from renovate where version like '0.%' or version like 'v0.%'; (web link)
Show the list of packages by package manager - SELECT package_manager, count(*) from renovate group by package_manager order by count(*) desc; (web link)