Using repository ownership information with dependency-management-data

One of the benefits of having dependency-management-data is that you can see across your organisation's usage of Open Source and internal dependencies.

If, for instance, you were looking at how your organisation is affected by advisories, one key piece of information is "who can I talk to about this issue?", either to work on resolving it or to find out whether it's a false positive.

This is where dependency-management-data's understanding of ownership comes in, which allows setting a per-repo owner (coming soon: multiple owners).

Syncing data

How you retrieve your ownership data is up to you, and depends on where it lives, such as a service catalogue like Backstage, ServiceNow, or some other source. Once you have that data, you can ingest it into dependency-management-data.

Via dmd owners set

One option we have is to use the dmd CLI to set the ownership information:

dmd --db dmd.db owners set 'Jamie Tanna'          --organisation jamietanna
dmd --db dmd.db owners set 'Jamie Tanna'          --organisation tanna.dev
# notice that you can include a basic wildcard
dmd --db dmd.db owners set 'GDS Pay'              --organisation alphagov   --repo 'pay-*'
dmd --db dmd.db owners set 'GDS Digital Identity' --organisation alphagov   --repo 'di-*'
dmd --db dmd.db owners set 'CDDO'                 --organisation co-cddo
dmd --db dmd.db owners set 'Elastic'              --organisation elastic

This will then work through the repos in each known datasource and update the owners table accordingly.

Note that this should be run after any repos are imported.

Bulk import a CSV file

Shelling out for each repo can be a little awkward, so alternatively we can produce a CSV, such as:

# note that no header is required
github,elastic,kibana,Elastic,
gitlab,jamietanna,micropub-go,Jamie Tanna,Notes can be added too

Then we can import this with:

dmd --db dmd.db owners import owners.csv

Note that when using the bulk import method, you can't use wildcard characters.
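
One way to produce owners.csv from a catalogue export, as an added example that is not part of dependency-management-data itself. The catalogue field names and sample entries are constructed, and it assumes the importer accepts standard CSV quoting; entries the bulk import can't take (wildcards, missing owners, a second owner for the same repo) are held back for follow-up.

```python
import csv
import io

# Constructed sample of a service-catalogue export. The field names are
# assumptions for this example, not a Backstage or ServiceNow schema.
CATALOGUE = [
    {"platform": "github", "organisation": "elastic", "repo": "kibana",
     "team": "Elastic", "notes": ""},
    {"platform": "gitlab", "organisation": "jamietanna", "repo": "micropub-go",
     "team": "Jamie Tanna", "notes": "Notes can be added too"},
    {"platform": "github", "organisation": "alphagov", "repo": "pay-*",
     "team": "GDS Pay", "notes": ""},
    {"platform": "github", "organisation": "alphagov", "repo": "example-repo",
     "team": "", "notes": "owner unknown"},
    {"platform": "github", "organisation": "elastic", "repo": "kibana",
     "team": "Another Team", "notes": ""},
]


def build_owners_csv(entries):
    """Return (csv_text, rejected) using the header-less
    platform,organisation,repo,owner,notes layout shown above."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    rejected, seen = [], set()
    for e in entries:
        key = (e["platform"], e["organisation"], e["repo"])
        if any("*" in part for part in key):
            # Bulk import can't use wildcards; apply these with `dmd owners set`.
            rejected.append((key, "wildcard"))
        elif not e["team"].strip():
            # A repo with no owner is the gap you want to find before an advisory lands.
            rejected.append((key, "no owner recorded"))
        elif key in seen:
            # Ownership is per-repo, so a second owner for the same repo is ambiguous.
            rejected.append((key, "duplicate repo"))
        else:
            seen.add(key)
            writer.writerow([*key, e["team"].strip(), e["notes"].strip()])
    return out.getvalue(), rejected


if __name__ == "__main__":
    text, rejected = build_owners_csv(CATALOGUE)
    with open("owners.csv", "w", newline="") as f:
        f.write(text)
    for key, reason in rejected:
        print("skipped", "/".join(key), "-", reason)
```
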

Using ownership data

This then allows you to write queries such as the below, which finds repos using the Renovate datasource along with their ownership information.

select
  distinct renovate.platform,
  renovate.organisation,
  renovate.repo,
  owner,
  notes
from
  renovate
  left join owners on renovate.platform = owners.platform
  and renovate.organisation = owners.organisation
  and renovate.repo = owners.repo

Similarly, the below finds repos using the SBOM datasource along with their ownership information.

select
  distinct sboms.platform,
  sboms.organisation,
  sboms.repo,
  owner,
  notes
from
  sboms
  left join owners on sboms.platform = owners.platform
  and sboms.organisation = owners.organisation
  and sboms.repo = owners.repo