Existing tools/architectures for org-wide dependency visibility across repos?

Аналитика рынка

Стек

Откликнуться

Загрузите резюме — мы свяжем вас с работодателем напрямую через нашу базу.

Описание

Existing tools/architectures for org-wide dependency visibility across repos? Hi all, I’m looking into existing solutions for centralized dependency visibility across an organization’s repositories. My org uses Azure Devops. Main requirement: ability to search/query which repos/apps use a particular dependency (and ideally version as well) support for multiple ecosystems (tech stacks involved are mainly [link] and Python) Example: “Which repos/apps use lodash 4.17.20?” So user interaction is still: ​ dependency name + version (optional) -> return affected apps/repos Bonus: vulnerability visibility/CVE detection lightweight app metadata/environment visibility Currently am looking at tools like Backstage, Dependency-Track, OWASP Dependency-Check, Azure DevOps Advanced Security, SBOM-based workflows, etc. Would appreciate advice on: existing platforms/tools that fit this use case well whether people typically solve this using SBOM aggregation whether Backstage is overkill for this type of dependency-centric visibility use case common architectures/patterns people use in practice Thanks in advance! [link] [handle]

Контакты работодателя (email/phone/telegram) скрыты из публичного превью — отправьте резюме, чтобы мы связали вас напрямую.