2020-10-26 17:08:22 -04:00
---
2021-04-23 11:09:37 -04:00
stage: Secure
group: Composition Analysis
2022-09-21 17:13:33 -04:00
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2020-10-26 17:08:22 -04:00
---
2019-07-16 09:06:09 -04:00
# Dependencies API **(ULTIMATE)**
2020-12-04 16:09:29 -05:00
WARNING:
2022-02-28 07:15:45 -05:00
This API is in an [Alpha ](../policy/alpha-beta-support.md#alpha-features ) stage and considered unstable.
2019-07-16 09:06:09 -04:00
The response payload may be subject to change or breakage
across GitLab releases.
2021-09-30 14:11:31 -04:00
> - Introduced in GitLab 12.1.
> - Pagination introduced in 14.4.
2019-08-23 07:34:05 -04:00
Every call to this endpoint requires authentication. To perform this call, user should be authorized to read repository.
To see vulnerabilities in response, user should be authorized to read
2021-12-20 22:14:09 -05:00
[Project Security Dashboard ](../user/application_security/security_dashboard/index.md ).
2019-07-16 09:06:09 -04:00
## List project dependencies
2019-08-22 04:50:31 -04:00
Get a list of project dependencies. This API partially mirroring
2019-08-15 02:15:15 -04:00
[Dependency List ](../user/application_security/dependency_list/index.md ) feature.
2019-07-16 09:06:09 -04:00
This list can be generated only for [languages and package managers ](../user/application_security/dependency_scanning/index.md#supported-languages-and-package-managers )
2019-08-22 04:50:31 -04:00
supported by Gemnasium.
2019-07-16 09:06:09 -04:00
2020-02-27 04:09:01 -05:00
```plaintext
2019-07-16 09:06:09 -04:00
GET /projects/:id/dependencies
2019-08-23 07:34:05 -04:00
GET /projects/:id/dependencies?package_manager=maven
GET /projects/:id/dependencies?package_manager=yarn,bundler
2019-07-16 09:06:09 -04:00
```
| Attribute | Type | Required | Description |
| ------------- | -------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
2021-06-28 11:08:03 -04:00
| `id` | integer/string | yes | The ID or [URL-encoded path of the project ](index.md#namespaced-path-encoding ). |
2021-11-11 10:10:57 -05:00
| `package_manager` | string array | no | Returns dependencies belonging to specified package manager. Valid values: `bundler` , `composer` , `conan` , `go` , `gradle` , `maven` , `npm` , `nuget` , `pip` , `pipenv` , `yarn` , `sbt` , or `setuptools` . |
2019-07-16 09:06:09 -04:00
2020-01-30 10:09:15 -05:00
```shell
2020-05-27 20:08:37 -04:00
curl --header "PRIVATE-TOKEN: < your_access_token > " "https://gitlab.example.com/api/v4/projects/4/dependencies"
2019-07-16 09:06:09 -04:00
```
Example response:
```json
[
{
"name": "rails",
"version": "5.0.1",
"package_manager": "bundler",
2019-08-23 07:34:05 -04:00
"dependency_file_path": "Gemfile.lock",
2022-10-12 08:09:35 -04:00
"vulnerabilities": [
{
"name": "DDoS",
"severity": "unknown",
"id": 144827,
"url": "https://gitlab.example.com/group/project/-/security/vulnerabilities/144827"
}
],
"licenses": [
{
"name": "MIT",
"url": "https://opensource.org/licenses/MIT"
}
]
2019-07-16 09:06:09 -04:00
},
{
2022-10-12 08:09:35 -04:00
"name": "hanami",
"version": "1.3.1",
"package_manager": "bundler",
"dependency_file_path": "Gemfile.lock",
"vulnerabilities": [],
"licenses": [
{
"name": "MIT",
"url": "https://opensource.org/licenses/MIT"
}
]
}
2019-07-16 09:06:09 -04:00
]
```
2021-09-30 14:11:31 -04:00
## Dependencies pagination
By default, `GET` requests return 20 results at a time because the API results
are paginated.
Read more on [pagination ](index.md#pagination ).