Concepts

Within dependency-management-data, there are certain names we give different concepts.

You can find their brief description below, and there is more information available on their linked pages.

• Advisory: A way to flag the usage of a given package as potentially risky, or at least requiring review.
• Compatible Since: The compatible_since metadata field which indicates the earliest version of the dmd tooling that can be used with the resulting database.
• Component: A software component that a given set of dependencies may be related to.
• Datasource: A source of data that can be queried by dependency-management-data.
• Policy: A way to flag organisational restrictions around the use of certain software.
• Report: A pre-configured query to flag specific package data.
• Repository Key: A unique identifier to trace a source repository, aka the "Repo Key".
• Sensitive Package: A way to mark a package as 'sensitive', such that the package's details should not be processed through any external systems.