OPA Ecosystem / Integrations / dependency-management-data


dependency-management-data is a set of tooling that makes it easier to understand the usage of Open Source and internal dependencies in an organisation, taking data from Renovate, GitHub Dependabot, or Software Bill of Materials (SBOMs) and providing an SQLite database that can be used to query it.

Alongside this base functionality, it’s possible to write “advisories” to flag usage of certain dependencies, e.g. “this internal library has a security vulnerability” or “this Open Source project is no longer maintained”.

Going a step further, it’s now possible to write “policies” using Open Policy Agent, providing much more powerful control over usage of dependencies by leveraging the excellent support Rego and OPA have for common operations.
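A policy of the kind that paragraph describes, written here as an added example and not taken from dependency-management-data itself: it flags a dependency that an advisory lists as unmaintained, or an internal library older than its patched version. The input shape (`input.dependency` with `ecosystem`, `package_name` and `version`) and the advisory data are assumptions for illustration, not the project's real policy schema.

```rego
package dependency_policy

import rego.v1

# Constructed example. The input shape (input.dependency with the fields
# ecosystem, package_name and version) and the advisory data below are
# assumptions for illustration, not dependency-management-data's real schema.

# Open Source packages flagged as no longer maintained, keyed by ecosystem.
unmaintained := {
	"npm": {"example-legacy-lib"},
	"pypi": {"example-old-parser"}
}

# Internal libraries with a known security fix: the lowest acceptable version.
min_version := {"internal-auth-lib": "2.3.0"}

# Flag any dependency that an advisory lists as unmaintained.
deny contains msg if {
	some name in unmaintained[input.dependency.ecosystem]
	name == input.dependency.package_name
	msg := sprintf("%s (%s) is no longer maintained", [name, input.dependency.ecosystem])
}

# Flag an internal library that is older than its patched version.
# Versions that are not valid semver are skipped here rather than
# treated as either old or new, so they should be reported separately.
deny contains msg if {
	required := min_version[input.dependency.package_name]
	semver.is_valid(input.dependency.version)
	semver.compare(input.dependency.version, required) < 0
	msg := sprintf("%s %s is below the patched version %s", [input.dependency.package_name, input.dependency.version, required])
}

# Report a version string the semver check cannot interpret.
deny contains msg if {
	min_version[input.dependency.package_name]
	not semver.is_valid(input.dependency.version)
	msg := sprintf("%s has an unparseable version %q", [input.dependency.package_name, input.dependency.version])
}

# A dependency is allowed only when nothing flagged it.
allow if count(deny) == 0
```

Evaluate it with `opa eval -i input.json -d policy.rego 'data.dependency_policy.deny'`, where `input.json` holds one dependency record in the assumed shape.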
