Commit 1c828d05 authored by Dheeraj Joshi, committed by Heinrich Lee Yu

Document dependency path and enable feature

parent 1aa7f24b
......@@ -32,7 +32,7 @@ Dependencies are displayed with the following information:
| --------- | ----------- |
| Component | The dependency's name and version |
| Packager | The packager used to install the dependency |
| Location | A link to the packager-specific lock file in your project that declared the dependency |
| Location | A link to the packager-specific lock file in your project that declared the dependency. It also shows the [dependency path](#dependency-paths) to a top-level dependency, if any, and if supported. |
| License | Links to dependency's software licenses |
Dependencies shown are initially sorted by the severity of their known vulnerabilities, if any. They
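Review bot: In the new Location row, the trailing "if any, and if supported" stacks two qualifiers and leaves "supported" undefined at that point in the page. Suggest wording such as "It also shows the dependency path to a top-level dependency when one exists and the package manager is supported", keeping the `#dependency-paths` link so the reader can reach the supported list.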
......@@ -44,6 +44,18 @@ If a dependency has known vulnerabilities, you can view them by clicking the arr
dependency's name or the badge that indicates how many known vulnerabilities exist. For each
vulnerability, its severity and description then appears below it.
### Dependency Paths
The dependency list shows the path between a dependency and a top-level dependency it's connected
to, if any. There are many possible paths connecting a transient dependency to top-level
dependencies, but the UI only shows one of the shortest paths.
![Dependency Path](img/yarn_dependency_path_v13_6.png)
Dependency Paths are supported for the following package managers:
- [NuGet](https://www.nuget.org/)
## Licenses
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/10536) in GitLab Ultimate 12.3.
......
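Review bot: In the first paragraph of the new "Dependency Paths" section, "transient dependency" should read "transitive dependency". Two further points in the same section: the screenshot is named `yarn_dependency_path_v13_6.png` while the supported list names only NuGet, so either the list or the image needs to change; and the section carries no "Introduced in" version note, unlike the Licenses section directly below it.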
......@@ -5,7 +5,7 @@ module Projects
before_action :authorize_read_dependency_list!
before_action do
push_frontend_feature_flag(:path_to_vulnerable_dependency, project)
push_frontend_feature_flag(:path_to_vulnerable_dependency, project, default_enabled: true)
end
feature_category :dependency_scanning
......
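Review bot: `default_enabled: true` on the `push_frontend_feature_flag` call now has to agree with the same argument on the `Feature.disabled?` check and with `default_enabled` in the flag's YAML definition, all three changed in this commit. If one is flipped later without the others, the frontend and backend will disagree about whether the dependency path is shown. Suggest a short comment here pointing at the YAML definition, or a follow-up to remove the flag once rollout is complete.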
---
title: Enable dependency path in dependency list
merge_request: 44001
author:
type: added
......@@ -5,4 +5,4 @@ rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/241739
milestone: '13.4'
type: development
group: group::composition analysis
default_enabled: false
default_enabled: true
......@@ -59,7 +59,7 @@ module Gitlab
path: file_path
}
return base_location if Feature.disabled?(:path_to_vulnerable_dependency, project)
return base_location if Feature.disabled?(:path_to_vulnerable_dependency, project, default_enabled: true)
return base_location unless dependency['iid']
base_location.merge({
......
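Review bot: With `Feature.disabled?(:path_to_vulnerable_dependency, project, default_enabled: true)` the early `return base_location` is no longer the default path, and no spec change is visible in this commit. Please confirm a spec covers the flag-off case with `stub_feature_flags(path_to_vulnerable_dependency: false)` as well as the `unless dependency['iid']` fallback, so both branches that omit the path stay tested.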