Below you can find various guides for getting dependency-management-data set up for your projects.
- Getting Started: How to get started with dependency-management-data for package data.
- Getting Started with SBOM data: How to get started with dependency-management-data, when consuming SBOMs.
- Getting Started with OSS Review Toolkit's data: How to get started with dependency-management-data, when using OSS Review Toolkit (ORT).
- Data Collection Patterns: The different patterns that have been proved to work well with collecting data for use with dependency-management-data.
- Getting Started (with the example data): How to get started with dependency-management-data, using the pre-collected example data.
- Using custom Advisories to flag packages in use: How to use custom advisories with dependency-management-data to track packages that your organisation may not want to use.
- Avoiding the leakage of sensitive package names: How to use the `sensitive_packages` table to reduce the risk of leaking private package names to external systems.
- Turning complex policies into custom Advisories using Open Policy Agent: How to leverage Open Policy Agent integration in dependency-management-data to write much more complex rules for flagging advisories in your dependencies.
- Setting up the Git repo to store dependency-management-data output: An example of the structure and CI configuration you may want to use for storing dependency-management-data data in.
- Using repository ownership information with dependency-management-data