Dependencies search beta
Dependencies search is a code search feature that lets you search through the dependencies of your repositories.
Setup
- Configure a package host connection for each kind of dependency you want to search over.
- Add
"codeIntelLockfileIndexing.enabled": trueto your site configuration to enable the lockfile-indexing feature. - Add
"codeIntelAutoIndexing.allowGlobalPolicies": trueto your site configuration to allow a lockfile-indexing policy to match multiple repositories. - Go to Site admin > Code intelligence > Configuration and click on Create new policy to create a policy with Lockfile-indexing enabled to index the repositories matching this policy. Example: lock-file index all repositories matching the name
go-*andgo/. - Wait until lockfile indexing has finished and then run a dependency search.
Use cases
Resolve an incident faster by quickly finding where an error comes from and then understanding the code around it by leveraging code intelligence.
r:deps(^github\.com/sourcegraph/sourcegraph$@3.37) Observable cannot be called as a function
Search only npm dependencies:
r:deps(^github\.com/sourcegraph/sourcegraph$@3.37) r:^npm throw
Search only Go dependencies:
r:deps(^github\.com/sourcegraph/sourcegraph$@3.37) r:^go fmt.Println
Search only Python dependencies:
r:deps(^github\.com/firecracker-microvm/firecracker$) r:^python
Compatibility
The following table outlines the kinds of dependency repositories that dependency search supports and how it finds those dependencies in your repositories.
| Kind | How | Direct | Transitive |
|---|---|---|---|
| npm | scip-typescript uploads | ❌ | ❌ |
| npm | package-lock.json |
✅ | ✅ |
| npm | yarn.lock |
✅ | ✅ |
| Python | scip-python uploads | ❌ | ❌ |
| Python | poetry.lock |
✅ | ✅ |
| Python | Pipfile.lock |
✅ | ✅ |
| Go | lsif-go uploads | ❌ | ❌ |
| Go | go.mod |
✅ | ✅ with Go >= 1.17 go.mod files |
| JVM | scip-java uploads | ❌ | ❌ |
| JVM | gradle.lockfile |
❌ | ❌ |
| JVM | pom.xml |
❌ | ❌ |