PREREQUISITEAt least one project (a repository or subfolder in a monorepo) that scans for dependencies through Semgrep Supply Chain. See Scan third-party dependencies.
Enable and use dependency search
Sign in to Semgrep AppSec Platform.
View additional manifest files or lockfiles
By default, Semgrep only displays dependencies listed in a given project’s first 10 manifest files or lockfiles. To load information from additional files:Sign in to Semgrep AppSec Platform.
Search for dependencies
Sign in to Semgrep AppSec Platform.
Filter results by version number
To filter your results by version number, enter the dependency name and press Enter or Return. This returns a list of matches, but you can then filter your results further by version number:To specify a version number, click Exact match. For a range, click Range and provide the minimum and maximum versions.
Search filters
search provides the following filters, which correspond to the data points displayed by Semgrep about each dependency:| Filter | Description |
|---|---|
| The name and version of the dependency. | |
| Projects | The projects where the dependency can be found. |
| The relationship of the dependency to your codebase. | |
| License | The License you set. Determines whether a dependency can be used based on its license. |
| License | The dependency’s license type. |
| Language | The language of the dependency. |