VersionEye monitors your projects and notifies you about out-dated dependencies, security vulnerabilities and license violations. There are many ways to create a VersionEye project and to keep it in sync with the dependencies from the daily software development. As VersionEye knows all the dependencies from all your projects it can easily display you the inventory list of all your dependencies over all your projects, in real time. You find that inventory link in your organisation on the left side.
That way you know exactly which and how many open source dependencies you are using and you can see immediately the licenses. Beside that the list shows you which OS dependency & version you are using in which of your projects. In the screenshot above I can see for example that the Java dependency “com.rabbitmq:amqp-client” is used in 2 of my Java projects, in the “maven-indexer” and the “versioneye-maven-crawler” project. In both projects the dependency is used in the newest version. Good for me 🙂
By default you get a complete list of ALL your dependencies overall your projects. But as you can see, there are some filters above the list which can be used to filter down the list by teams, language, version and some other criteria. Maybe you only want to see the inventory of a specific team or maybe you are only interested in the PHP inventory list of your company.
This inventory list exist already since a couple months is used heavily by Enterprise clients. If you scroll down the list you will see a CSV export link. That’s new!
Now you can export that inventory list as CSV file. Here is an example how it looks like.
The first part of this CSV export shows exactly which dependency is used in which version, what would be the newest version, the license of the used version, the number of their known security vulnerabilities and the VersionEye project ID there this dependency is used in.
The second part of the export shows some details about your projects where the dependency is used in, like the VersionEye project ID, project name, your project version (if available) and in case it’s a Maven project the export is showing the GroupdID & ArtifactID.
The inventory list with all the filters is also available as API Endpoint.
That way you can fetch the data as JSON as well and create your custom Inventory report. You could use this API Endpoint to create a custom inventory PDF report. Check out the VersionEye API.
By the way. Everything on VersionEye.com is 100% open source. The source code is on GitHub and pullrequests are welcome 😉
Open Source License Compliance & Security 