Insights about your application dependencies: security, license compatibility, and AI-based guidance for choosing appropriate dependencies for your application.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
'Dependency Analytics Report' with Insights about your application dependencies:
Flags a security vulnerability (CVE) and suggests a remedial version
Shows GitHub popularity metrics along with the latest version
Suggests a project-level license and checks for conflicts between dependency licenses
AI-based guidance for additional or alternative dependencies
Supported Languages
The 'Dependency Analytics' extension supports projects using Maven and projects built on npm (Node ecosystem).
Support for Python and Go is currently in progress.
Prerequisites
This extension assumes you have the following binaries on your PATH:
mvn (for analyzing Java applications)
npm (for analyzing Node applications)
NOTE: Dependency Analytics is an online service hosted and maintained by Red Hat. This open source software will access only your manifests and license file(s) to learn about application dependencies and licenses before giving you the report.
Quick Start
Install the extension.
Opening or editing a manifest file (pom.xml / package.json) scans your application for security vulnerabilities.
Right-click a manifest file (pom.xml / package.json) in the 'VS Code File explorer' or 'VS Code File editor' to display the 'Dependency Analytics Report' for your application.
Features
Opening or editing a manifest file (pom.xml / package.json) scans your application for security vulnerabilities and flags them along with 'quick fixes'.
Right-click a manifest file (pom.xml / package.json) and choose 'Dependency Analytics Report ...' to display the 'Dependency Analytics' report. This report covers deeper insights into your application dependencies:
Flags a security vulnerability (CVE) and suggests a remedial version
Shows GitHub popularity metrics along with the latest version
Suggests a project-level license and checks for conflicts between dependency licenses
AI-based guidance for additional or alternative dependencies
For a multi-module Maven application, right-click the root pom.xml in the editor window and choose 'Dependency Analytics Report ...' to display the 'Dependency Analytics' report for the entire application.
Note: The extension creates a folder named target in the workspace, which it uses to process the manifest files needed for generating the stack report. Add target to your .gitignore.
Know more about Dependency Analytics Platform
The mission of this project is to significantly enhance the developer experience by providing insights (security, licenses, AI-based guidance) for applications and helping developers and enterprises.