Dependencies API
Every call to this endpoint requires authentication. To perform this call, user should be authorized to read repository. To see vulnerabilities in response, user should be authorized to read Project Security Dashboard.
List project dependencies
Get a list of project dependencies. This API partially mirroring Dependency List feature. This list can be generated only for languages and package managers supported by Gemnasium.
GET /projects/:id/dependencies
GET /projects/:id/dependencies?package_manager=maven
GET /projects/:id/dependencies?package_manager=yarn,bundler
Attribute | Type | Required | Description |
---|---|---|---|
id
| integer/string | yes | The ID or URL-encoded path of the project. |
package_manager
| string array | no | Returns dependencies belonging to specified package manager. Valid values: bundler , composer , conan , go , gradle , maven , npm , nuget , pip , pipenv , pnpm , yarn , sbt , or setuptools .
|
curl --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/4/dependencies"
Example response:
[
{
"name": "rails",
"version": "5.0.1",
"package_manager": "bundler",
"dependency_file_path": "Gemfile.lock",
"vulnerabilities": [
{
"name": "DDoS",
"severity": "unknown",
"id": 144827,
"url": "https://gitlab.example.com/group/project/-/security/vulnerabilities/144827"
}
],
"licenses": [
{
"name": "MIT",
"url": "https://opensource.org/licenses/MIT"
}
]
},
{
"name": "hanami",
"version": "1.3.1",
"package_manager": "bundler",
"dependency_file_path": "Gemfile.lock",
"vulnerabilities": [],
"licenses": [
{
"name": "MIT",
"url": "https://opensource.org/licenses/MIT"
}
]
}
]
Dependencies pagination
By default, GET
requests return 20 results at a time because the API results
are paginated.
Read more on pagination.