doc/api/dependencies.md
{{< details >}}
{{< /details >}}
Every call to this endpoint requires authentication. To perform this call, user should be authorized to read repository. To see vulnerabilities in response, user should be authorized to read Project Security Dashboard.
Lists all dependencies for a specified project. This operation partially mirrors the dependency list feature, which is available only for languages and package managers supported by Gemnasium.
Responses are paginated and return 20 results by default.
GET /projects/:id/dependencies
GET /projects/:id/dependencies?package_manager=maven
GET /projects/:id/dependencies?package_manager=yarn,bundler
| Attribute | Type | Required | Description |
|---|---|---|---|
id | integer or string | yes | The ID or URL-encoded path of the project. |
package_manager | string array | no | Returns dependencies belonging to specified package manager. Valid values: bundler, composer, conan, go, gradle, maven, npm, nuget, pip, pipenv, pnpm, yarn, sbt, or setuptools. |
curl --request GET \
--header "PRIVATE-TOKEN: <your_access_token>" \
--url "https://gitlab.example.com/api/v4/projects/4/dependencies"
Example response:
[
{
"name": "rails",
"version": "5.0.1",
"package_manager": "bundler",
"dependency_file_path": "Gemfile.lock",
"vulnerabilities": [
{
"name": "DDoS",
"severity": "unknown",
"id": 144827,
"url": "https://gitlab.example.com/group/project/-/security/vulnerabilities/144827"
}
],
"licenses": [
{
"name": "MIT",
"url": "https://opensource.org/licenses/MIT"
}
]
},
{
"name": "hanami",
"version": "1.3.1",
"package_manager": "bundler",
"dependency_file_path": "Gemfile.lock",
"vulnerabilities": [],
"licenses": [
{
"name": "MIT",
"url": "https://opensource.org/licenses/MIT"
}
]
}
]