Dependencies search beta

Dependencies search is a code search feature that lets you search through the dependencies of your repositories.

Setup

  1. Configure a package host connection for each kind of dependency you want to search over.
  2. Add "codeIntelLockfileIndexing.enabled": true to your site configuration to enable the lockfile-indexing feature.
  3. Add "codeIntelAutoIndexing.allowGlobalPolicies": true to your site configuration to allow a lockfile-indexing policy to match multiple repositories.
  4. Go to Site admin > Code intelligence > Configuration and click on Create new policy to create a policy with Lockfile-indexing enabled to index the repositories matching this policy. Example: lock-file index all repositories matching the name go-* and go/.
  5. Wait until lockfile indexing has finished and then run a dependency search.

Use cases

Resolve an incident faster by quickly finding where an error comes from and then understanding the code around it by leveraging code intelligence.

r:deps(^github\.com/sourcegraph/sourcegraph$@3.37) Observable cannot be called as a function

Search only npm dependencies:

r:deps(^github\.com/sourcegraph/sourcegraph$@3.37) r:^npm throw

Search only Go dependencies:

r:deps(^github\.com/sourcegraph/sourcegraph$@3.37) r:^go fmt.Println

Search only Python dependencies:

r:deps(^github\.com/firecracker-microvm/firecracker$) r:^python

Compatibility

The following table outlines the kinds of dependency repositories that dependency search supports and how it finds those dependencies in your repositories.

Kind How Direct Transitive
npm scip-typescript uploads
npm package-lock.json
npm yarn.lock
Python scip-python uploads
Python poetry.lock
Python Pipfile.lock
Go lsif-go uploads
Go go.mod ✅ with Go >= 1.17 go.mod files
JVM scip-java uploads
JVM gradle.lockfile
JVM pom.xml

Reference