Dependency Mapper CLI for managing and analyzing software dependencies across repositories.
DepMap CLI is a command-line interface tool for managing and analyzing software dependencies across repositories. It provides functionality for cloning repositories, managing actions, and running analyses.
Download and extract the CLI archive:
https://github.com/trilogy-group/central-product-tpm/edit/master/POC/cc/repo/depmap/cli/depmap.zip
Then create a virtual environment and install the dependencies:
cd path/to/extracted/directory
python -m venv venv
venv\Scripts\activate   (Windows)
source venv/bin/activate   (macOS/Linux)
pip install -r requirements.txt
Add your API authentication token to the .env file:
AUTH_TOKEN=your_auth_token_here
Before using the CLI for analysis, you must set up the necessary actions:
Store the dependency action:
python cli.py action store dep -f actions/dep.json
This command loads the action details from the dep.json file in the actions folder.
Activate the dependency action:
python cli.py action update dep -a True
This sets the 'active' attribute of the 'dep' action to True.
The general syntax for using the DepMap CLI is:
python cli.py <command> <subcommand> [options]
The CLI uses an authentication token stored in the .env file. Ensure this file is present and contains a valid AUTH_TOKEN before running any commands.
Before running an analysis, you must first clone the target repository:
Clone and upload a single repository:
python cli.py clone -l <label> -u <url>
Clone and upload multiple repositories under a single label:
python cli.py clone -l <label> -f <file>
The file should contain one repository URL per line, for example:
https://github.com/trilogy-group/influitive-advocatehub-Influitive-Advocate
https://github.com/trilogy-group/influitive-advocatehub-influitive
...
The CLI will clone all repositories listed in the file and upload them together.
Examples:
python cli.py clone -l worksmart -u https://github.com/trilogy-group/worksmart-ts
python cli.py clone -l influitive -f influitive.txt
The second example clones every repository listed in influitive.txt and groups them under the 'influitive' label. After cloning, you can analyze all the repositories under this label together using the analysis commands.
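The repository list handed to `clone -l <label> -f <file>` is one URL per line, and the CLI passes each line on to git. The page does not show how the CLI validates those lines, so the following is an added example (not DepMap's own code) of a pre-flight checker you can run on the file first. It skips blank lines and comments, refuses anything a git front end could misread as a command-line option (a line starting with "-"), allows only HTTPS github.com URLs of the form owner/repo, rejects embedded credentials, and drops duplicates (with or without a trailing ".git"). The allowed scheme/host policy, the function names and the sample list are this example's assumptions; only the two influitive URLs in the sample come from the README.

```python
"""Pre-flight validation of a repository list file (added example, not DepMap code)."""
from urllib.parse import urlparse

# Policy assumed for this example: only HTTPS clones from github.com.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"github.com"}


def parse_repo_list(text: str):
    """Return (accepted, rejected).

    accepted: deduplicated, normalised URLs in file order
    rejected: (line_no, line, reason) tuples for lines that must not reach git
    """
    accepted, rejected, seen = [], [], set()
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments are ignored
        if line.startswith("-"):
            # "--upload-pack=..." or similar would be parsed by git as an option,
            # not a repository, so refuse it before it can be passed on.
            rejected.append((line_no, line, "looks like a command-line option"))
            continue
        if any(ch.isspace() for ch in line):
            rejected.append((line_no, line, "contains whitespace"))
            continue
        parts = urlparse(line)
        if parts.scheme not in ALLOWED_SCHEMES:
            rejected.append((line_no, line, f"scheme {parts.scheme!r} not allowed"))
            continue
        if parts.hostname not in ALLOWED_HOSTS:
            rejected.append((line_no, line, f"host {parts.hostname!r} not allowed"))
            continue
        if parts.username or parts.password:
            rejected.append((line_no, line, "credentials embedded in URL"))
            continue
        # Require exactly /owner/repo (optionally ending in .git).
        segments = [s for s in parts.path.split("/") if s]
        if len(segments) != 2:
            rejected.append((line_no, line, "path is not owner/repo"))
            continue
        norm = line.rstrip("/")
        if norm.endswith(".git"):
            norm = norm[:-4]
        if norm in seen:
            continue                      # duplicates are dropped silently
        seen.add(norm)
        accepted.append(norm)
    return accepted, rejected


# Constructed sample list for the example; lines 2 and 3 are the README's URLs.
SAMPLE = """\
# constructed sample repository list
https://github.com/trilogy-group/influitive-advocatehub-Influitive-Advocate
https://github.com/trilogy-group/influitive-advocatehub-influitive

https://github.com/trilogy-group/influitive-advocatehub-influitive.git
http://github.com/trilogy-group/plain-http
--upload-pack=/tmp/evil
git@github.com:trilogy-group/ssh-form.git
https://user:tok@github.com/trilogy-group/creds
https://github.com/trilogy-group
"""

if __name__ == "__main__":
    ok, bad = parse_repo_list(SAMPLE)
    for url in ok:
        print("OK     ", url)
    for line_no, line, reason in bad:
        print(f"REJECT  line {line_no}: {line!r} ({reason})")
```

Run it against your own list before calling `python cli.py clone -l <label> -f <file>`; anything under REJECT should be fixed or removed rather than passed to the CLI.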
Next, you must make sure that you have at least one action defined. Actions are prompts plus scaffolding that are run against the files. For the time being, only one action is defined; you will find it in the 'actions' subfolder.
List all actions:
python cli.py action list [-n] [-s]
Get a specific action:
python cli.py action get <action> [-q <query>]
Store a new action:
python cli.py action store <action> <prompt> <include> <schema> [-a] [-f <file>]
Update an action:
python cli.py action update <action> [-p <prompt>] [-i <include>] [-s <schema>] [-a <active>]
Delete an action:
python cli.py action delete <action>
Delete all actions:
python cli.py action delete_all
Add actions from a directory:
python cli.py action add_all [-d <directory>]
Start an analysis:
Starts a new analysis for the specified label using the given model.
-l, --label: Required. Label for the analysis.
-m, --model: Model to use for analysis (default: "haiku").
-p, --poll: Optional. Poll until the analysis is complete.
Check analysis status:
Retrieves the status of an ongoing or completed analysis.
-l, --label: Required. Label of the analysis to check.
Retrieve analysis results:
Retrieves the results of a completed analysis.
-l, --label: Required. Label of the analysis.
-d, --details: Optional. Include detailed results.
-c, --combine: Optional. Combine all dependencies into a single list.
-f, --file: Optional. Specific file to retrieve results for.
-a, --action: Optional. Specific action to retrieve results for.
Delete analysis results:
Deletes the results of an analysis.
-l, --label: Required. Label of the analysis to delete.
-a, --action: Optional. Specific action to delete results for.
Error handling:
The CLI provides detailed error messages for various scenarios. If you encounter an error, the CLI will display a message describing the issue.
Security note:
The authentication token is stored in the .env file, which should be kept secure and not shared or committed to version control. Ensure the AUTH_TOKEN in the .env file is correct and up to date.
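The page says the token lives in .env and must never be committed, but does not show how that is checked. The following is an added example (not DepMap's own code) of a small loader that reads AUTH_TOKEN from .env text, refuses an empty value or the README's placeholder, masks the token for any log line, and asks git whether the .env file is already tracked (which is what would make it end up in a commit). The .env syntax accepted here (KEY=VALUE, optional leading "export", optional surrounding quotes, "#" comments), the helper names and the sample file contents are this example's assumptions.

```python
"""Load AUTH_TOKEN from .env and check it will not be committed (added example, not DepMap code)."""
import re
import subprocess
from pathlib import Path

# Assumed .env line shape: [export ]KEY=VALUE, value optionally quoted.
_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_dotenv(text: str) -> dict:
    """Parse KEY=VALUE lines; blank lines, comments and malformed lines are ignored,
    matching single or double quotes around a value are stripped."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def load_auth_token(text: str) -> str:
    """Return AUTH_TOKEN from the .env text, or raise if it is missing, empty,
    or still set to the README's placeholder value."""
    token = parse_dotenv(text).get("AUTH_TOKEN", "").strip()
    if not token or token == "your_auth_token_here":
        raise ValueError("AUTH_TOKEN is missing from .env or still the placeholder")
    return token


def mask(token: str) -> str:
    """Keep only the last four characters so a token never appears whole in logs."""
    return "*" * max(len(token) - 4, 0) + token[-4:]


def dotenv_is_git_tracked(env_path: Path) -> bool:
    """True if git already tracks env_path (so it would be committed).
    False when git is unavailable, the path is outside a repository, or untracked."""
    try:
        result = subprocess.run(
            ["git", "ls-files", "--error-unmatch", env_path.name],
            cwd=env_path.resolve().parent,
            capture_output=True, text=True, timeout=10,
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return False
    return result.returncode == 0


# Constructed sample .env for the example (the token value is made up).
SAMPLE_ENV = """\
# constructed sample .env
export AUTH_TOKEN="abcd1234efgh5678"
OTHER=value with spaces
"""

if __name__ == "__main__":
    env_file = Path(".env")
    text = env_file.read_text() if env_file.exists() else SAMPLE_ENV
    token = load_auth_token(text)
    print("AUTH_TOKEN loaded:", mask(token))
    if env_file.exists() and dotenv_is_git_tracked(env_file):
        print("WARNING: .env is tracked by git; remove it from the index and add it to .gitignore")
```

Run this from the extracted CLI directory before the first `python cli.py` call; a warning means the token file is already in the repository's index and needs `git rm --cached .env` plus a .gitignore entry before the next commit.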