Dependencies API

caution
This API is in an alpha stage and considered unstable. The response payload may be subject to change or breakage across GitLab releases.
Version history
  • Introduced in GitLab 12.1.
  • Pagination introduced in 14.4.

Every call to this endpoint requires authentication. To perform this call, user should be authorized to read repository. To see vulnerabilities in response, user should be authorized to read Project Security Dashboard.

List project dependencies

Get a list of project dependencies. This API partially mirroring Dependency List feature. This list can be generated only for languages and package managers supported by Gemnasium.

GET /projects/:id/dependencies
GET /projects/:id/dependencies?package_manager=maven
GET /projects/:id/dependencies?package_manager=yarn,bundler
Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the project.
package_manager string array no Returns dependencies belonging to specified package manager. Valid values: bundler, composer, conan, maven, npm, pip or yarn.
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/4/dependencies"

Example response:

[
  {
    "name": "rails",
    "version": "5.0.1",
    "package_manager": "bundler",
    "dependency_file_path": "Gemfile.lock",
    "vulnerabilities": [{
      "name": "DDoS",
      "severity": "unknown"
    }]
  },
  {
      "name": "hanami",
      "version": "1.3.1",
      "package_manager": "bundler",
      "dependency_file_path": "Gemfile.lock",
      "vulnerabilities": []
    }
]

Dependencies pagination

By default, GET requests return 20 results at a time because the API results are paginated.

Read more on pagination.