PREREQUISITEAt least one project (a repository or subfolder in a monorepo) that scans for dependencies through Semgrep Supply Chain. See Scan third-party dependencies.
Enable and use dependency search
1
Sign in to Semgrep AppSec Platform.
2
Go to Settings > General > Supply Chain.
3
Click search if it’s not already enabled.
4
Navigate to Supply Chain > Dependencies.
View additional manifest files or lockfiles
By default, Semgrep only displays dependencies listed in a given project’s first 10 manifest files or lockfiles. To load information from additional files:1
Sign in to Semgrep AppSec Platform.
2
Navigate to Supply Chain > Dependencies, and scroll to the bottom of the page.
3
Click Fetch more lockfiles.
Search for dependencies
1
Sign in to Semgrep AppSec Platform.
2
Navigate to Supply Chain > Dependencies.
3
Using the search bar, enter the name of the dependency you are searching for.
4
Optional: Apply filters as necessary for your search.
Filter results by version number
To filter your results by version number, enter the dependency name and press Enter or Return. This returns a list of matches, but you can then filter your results further by version number:1
Click the name of your dependency to open the dialog:
1
To search for a specific version of a package, click Exact match, then enter the version number.
2
To search for a range of versions, click Range, then enter the minimum and maximum versions.
2
Click Apply to save your changes and see your results.
1
Click Advanced search.
2
Enter the name.
3
To specify a version number, click Exact match. For a range, click Range and provide the minimum and maximum versions.
1
Optional: to search for a specific version of a package, click Exact match, then enter the version number.
2
Optional: to search for a range of versions, click Range, then enter the minimum and maximum versions.