dmd db generate dependency-health
Generate insights into the health of dependencies
Usage
dependency-health
Synopsis
Generate insights into the health of (third-party) dependencies
This consumes data from different sources to augment the understanding of dependencies in use, for instance giving an indication of whether they are (well) maintained, have been recently released, or may have supply chain hygiene issues.
Currently, this data is derived from:
- OpenSSF Security Scorecards (https://api.securityscorecards.dev/)
- Ecosystems (https://ecosyste.ms)
This data is a best-efforts attempt to provide this insight, and may be stale at the time of fetching.
Note that this may leak package names to external systems, which may be seen as a privacy or security issue. This can be avoided by following the Avoiding the leakage of sensitive package names cookbook (https://dmd.tanna.dev/cookbooks/avoiding-sensitive-package-names/).
Known issues:
- Performance issues and 500s upstream - https://gitlab.com/tanna.dev/dependency-management-data/-/issues/459
Options
Flag (type) | Usage | Notes |
---|---|---|
-h, --help | help for dependency-health | |
--no-progress | prevent displaying progress of long-running tasks | |
Options inherited from parent commands
Flag (type) | Usage | Notes |
---|---|---|
--db (string) | the path to the input/output database | |
--debug | whether to enable debug logging | |
Related
- dmd db generate - Generate new data into the database