Cookbooks
Below you can find various guides for getting dependency-management-data set up for your projects.
- Getting Started: How to get started with dependency-management-data for package data.
- Getting Started with SBOM data: How to get started with dependency-management-data, when consuming SBOMs.
- Getting Started with OSS Review Toolkit's data: How to get started with dependency-management-data, when using OSS Review Toolkit (ORT).
- Data Collection Patterns: The different patterns that have proven to work well for collecting data for use with dependency-management-data.
- Getting Started (with the example data): How to get started with dependency-management-data, using the pre-collected example data.
- Using custom Advisories to flag packages in use: How to use custom advisories with dependency-management-data to track packages that your organisation may not want to use.
- Avoiding the leakage of sensitive package names: How to use the `sensitive_packages` table to reduce the risk of leaking private package names to external systems.
- Turning complex policies into custom Advisories using Open Policy Agent: How to leverage the Open Policy Agent integration in dependency-management-data to write much more complex rules for flagging advisories in your dependencies.
- Setting up the Git repo to store dependency-management-data output: An example of the structure and CI configuration you may want to use for the repository that stores dependency-management-data's output.
- Using repository ownership information with dependency-management-data