CSV Export for OS Inventory

VersionEye monitors your projects and notifies you about out-dated dependencies, security vulnerabilities and license violations. There are many ways to create a VersionEye project and to keep it in sync with the dependencies from the daily software development. As VersionEye knows all the dependencies from all your projects it can easily display you the inventory list of all your dependencies over all your projects, in real time. You find that  inventory link in your organisation on the left side.

screen-shot-2017-02-03-at-08-21-35

That way you know exactly which and how many open source dependencies you are using and you can see immediately the licenses. Beside that the list shows you which OS dependency & version you are using in which of your projects. In the screenshot above I can see for example that the Java dependency “com.rabbitmq:amqp-client” is used in 2 of my Java projects, in the “maven-indexer” and the “versioneye-maven-crawler” project. In both projects the dependency is used in the newest version. Good for me 🙂

By default you get a complete list of ALL your dependencies overall your projects. But as you can see, there are some filters above the list which can be used to filter down the list by teams, language, version and some other criteria. Maybe you only want to see the inventory of a specific team or maybe you are only interested in the PHP inventory list of your company.

This inventory list exist already since a couple months is used heavily by Enterprise clients. If you scroll down the list you will see a CSV export link. That’s new!

screen-shot-2017-02-03-at-08-22-44

Now you can export that inventory list as CSV file. Here is an example how it looks like.

Screen Shot 2017-02-03 at 08.20.58.png

The first part of this CSV export shows exactly which dependency is used in which version, what would be the newest version, the license of the used version, the number of their known security vulnerabilities and the VersionEye project ID there this dependency is used in.

screen-shot-2017-02-03-at-08-34-04

The second part of the export shows some details about your projects where the dependency is used in, like the VersionEye project ID, project name, your project version (if available) and in case it’s a Maven project the export is showing the GroupdID & ArtifactID.

screen-shot-2017-02-03-at-08-34-18

The inventory list with all the filters is also available as API Endpoint.

screen-shot-2017-02-03-at-08-39-11

That way you can fetch the data as JSON as well and create your custom Inventory report. You could use this API Endpoint to create a custom inventory PDF report. Check out the VersionEye API.

By the way. Everything on VersionEye.com is 100% open source. The source code is on GitHub and pullrequests are welcome 😉

CSV Export

At VersionEye you can setup a license whitelist to enforce a license policy. For each project there is a PDF Export, which contains the BoM (Bill of Materials). Now the same export is available as CSV as well. The links for the export are in the project detail view in the license tab.

VersionEye-License-Export

The new CSV Export has the same format as the PDF Export. It contains the list of dependencies with the information if they violate the license whitelist or not. Here is a screenshot of an example.

VersionEye-License-CSV-Export

The PDF/CSV Export also contains the current status of the license whitelist and the current status of the assigned component whitelist. That way the exported document is a complete snapshot of the current state of the project, license whitelist and component whitelist. That makes it easy to reproduce why a component is whitelisted or not.

Try out the CSV Export and let me know if you have any questions. Either here in the comments or on Twitter.