Features
A directory of the features that dependency-management-data supports across different datasources.
Feature
| Feature | Renovate |
Software Bill of Materials (SBOM) |
AWS Infrastructure |
|---|---|---|---|
| Advisories | ✅ | ✅ | ✅ |
| Database anonymisation | ✅ | ✅ | |
| End-of-Life lookups, via EndOfLife.date | ✅ | ✅ | |
| CVE Lookups, via osv.dev | ✅ | ||
| Licensing + CVE Lookups, via deps.dev | ✅ | ✅ | |
| Policy violations via Open Policy Agent | ✅ | ✅ |
SBOM formats
- CycloneDX v1.4 (JSON, XML)
- CycloneDX v1.5 (JSON, XML)
- SPDX v2.2 (JSON, YAML)
- SPDX v2.3 (JSON, YAML)
Reports
| Report | Renovate |
Software Bill of Materials (SBOM) |
|---|---|---|
| advisories | ✅ | ✅ |
| policy-violations | ✅ | ✅ |
| licenses | ✅ | ✅ |
| golangCILint | ✅ | ✅ |
| mostPopularDockerImages | ✅ | ✅ |
| mostPopularPackageManagers | ✅ | ✅ |
End-of-Life checking
Via endoflife.date
| Product | Renovate |
Software Bill of Materials (SBOM) |
|---|---|---|
| Go | ✅ | |
| Alpine | ✅ | |
| NodeJS | ✅ | |
| Python | ✅ | |
| Redis | ✅ | |
| Ruby | ✅ | |
| Ruby on Rails | ✅ | ✅ |
CVE + license checking
Via deps.dev
| Ecosystem | Renovate |
Software Bill of Materials (SBOM) |
|---|---|---|
| npm | ✅ | ✅ |
| Go | ✅ | ✅ |
| Maven | ✅ | ✅ |
| PyPI | ✅ | ✅ |
| NuGet | ||
| Cargo | ✅ |
Generating missing package data
Via deps.dev
| Ecosystem | Renovate |
Software Bill of Materials (SBOM) |
|---|---|---|
| npm | ||
| Go | ||
| Maven | ✅ | ✅ |
| PyPI | ||
| NuGet | ||
| Cargo |
Policy violations via Open Policy Agent
Full details of supported data that can be used with policy management can be found in the Turning complex policies into custom Advisories using Open Policy Agent cookbook.