[QUESTION] deps.dev API Usage? #145

Closed
mudongliang opened this issue Dec 24, 2024 · 1 comment

Comments

@mudongliang

Hi maintainers,

Our project - HUSTSeclab/criticality score takes advantage of the deps.dev API to get the dependency count rather than BigQuery, which fixes the issue #493 in ossf/criticality_score. To be specific, we directly use the repository name as the package name, filter out critical files as a signal (e.g., setup.py in pypi) to get the ecosystem, and finally use both as parameters to invoke the deps.dev API and get the dependency count. However, this might introduce false alarms since the repo name does not mean its package name.

Any idea? It seems we still miss a relationship between GitHub URL and package name.

@cuixq
Collaborator

cuixq commented Dec 31, 2024

There is GetProjectPackageVersions that returns the mappings between a project and package versions. Is this helpful?
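
How the GetProjectPackageVersions lookup suggested above could replace the repo-name guess, as an added example that is not part of the thread or of either project's code. The endpoint path and response field names are assumptions taken from the public deps.dev v3 HTTP API documentation and should be checked against the current docs; the repository, package names and response are constructed.

```python
from urllib.parse import quote

API = "https://api.deps.dev/v3"  # assumed base URL of the deps.dev HTTP API

def project_packageversions_url(repo_url: str) -> str:
    """Build the GetProjectPackageVersions URL for a repository URL."""
    # Project keys look like "github.com/owner/repo": drop scheme, "/" and ".git".
    key = repo_url.split("://", 1)[-1].rstrip("/")
    if key.endswith(".git"):
        key = key[:-4]
    return f"{API}/projects/{quote(key, safe='')}:packageversions"

def packages_for_project(response: dict, relation: str = "SOURCE_REPO") -> dict:
    """Map (system, name) -> version count and provenance for matching packages."""
    out = {}
    for v in response.get("versions", []):
        if v.get("relationType") != relation:
            continue  # e.g. the project is only the package's issue tracker
        key = v.get("versionKey", {})
        system, name = key.get("system"), key.get("name")
        if not system or not name:
            continue  # malformed entry: skip rather than guess a name
        entry = out.setdefault((system, name), {"versions": 0, "provenance": set()})
        entry["versions"] += 1
        # Provenance tells the caller how the package-to-repo link was established.
        entry["provenance"].add(v.get("relationProvenance", "UNKNOWN"))
    return out

# Constructed response: the repo "py-widgets" publishes a package named "widgets".
SAMPLE = {"versions": [
    {"versionKey": {"system": "PYPI", "name": "widgets", "version": "1.0.0"},
     "relationType": "SOURCE_REPO", "relationProvenance": "PYPI_PUBLISH_ATTESTATION"},
    {"versionKey": {"system": "PYPI", "name": "widgets", "version": "1.1.0"},
     "relationType": "SOURCE_REPO", "relationProvenance": "PYPI_PUBLISH_ATTESTATION"},
    {"versionKey": {"system": "PYPI", "name": "py-widgets-fork", "version": "0.1.0"},
     "relationType": "SOURCE_REPO", "relationProvenance": "UNVERIFIED_METADATA"},
    {"versionKey": {"system": "NPM", "name": "widgets-js", "version": "2.0.0"},
     "relationType": "ISSUE_TRACKER", "relationProvenance": "UNVERIFIED_METADATA"},
]}

if __name__ == "__main__":
    print(project_packageversions_url("https://github.com/example-org/py-widgets.git"))
    for (system, name), info in packages_for_project(SAMPLE).items():
        print(system, name, info["versions"], sorted(info["provenance"]))
```

Each (system, name) pair returned here is what would be passed to the dependency-count query in place of the repository name; the provenance set lets the caller decide whether to count packages whose link to the repository is only self-declared metadata.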
