Dependency Resolver

App provides users ability to check dependencies from their projects. After providing link to package.json file from project Project Leader can easily see if there are any vulnerabilities or updates.

Comment 1

Inspiration

We are working on a lot of projects, and each of them uses external libraries. React, Redux, Forge, and go on... Checking everything on every project is taking a lot of time and is... boring. Additionally, there is lack of people who actually like to check all dependencies and update them. There were a lot of projects, where somehow somebody forget about some update and not updated libraries were used for months. There is no time and people to check everything manually!

What it does

Dependency Resolver gives teams possibility to maintain project dependencies and provides tool to check them without even running single command. In project view, users can see table with all dependencies from their project with present version, the latest version or even vulnerabilities. They can go directly to dependency page or to vulnerability ticket and read about it. If user decide that he need to create Issue, app provides auto template with all necessary information about update. Even people that do not configure project, can still be able to see that something needs update. Thanks to dashboard gadget user can see multiply projects and can separate them as needed.

How we built it

To create this add-on we used Atlassian Forge technology with React, Redux, Typescripts, RxJS... App currently works in Jira on Project View and Dashboard Gadget. To create user interface we used Atlaskit so user is not distracted by different styles than Jira and can use each element exactly like in Jira. We build this solution with Custom UI.

Challenges we ran into

There was a lot of challenges to fight with, as we wanted to create tool not only for one specific project type. We had to choose which type of project will we use as our first go, then we needed to check how can we connect to different sites so users is not limited by source. We decided to go for Bitbucket and npm first. Another challenge we met while we were creating our app was forge limitations for certain actions. With 'invoke' we could only make 20 requests per second but thanks to our knowledge we managed to handle it with RxJS (:

Accomplishments that we're proud of

We are proud of what we delivered, stable app that can read selected file and then check for versions and vulnerabilities for each version in this project. We also created quick view in Dashboard Gadget so users can see all new versions for certain projects, and then they can update them immediately.

What we learned

We learned a lot about how forge works, how to handle multiple request with bridge (thanks RxJS!) and how much updates we need to do on our projects (:

What's next for Dependency Resolver

We think that there will be three big stages in our app:

First stage: More sources

  1. Add more project types -- This is crucial one, we want users to be able to work not only with npm but also with maven projects.

  2. Add more platforms to chose -- We definitely want to support as much as we can, the problem is in credentials and connectivity. For sure, we want to add possibility to get project files form GitHub or BitBucket Server.

Second stage: Credentials

  1. Application Links -- currently app is using username and app password to communicate with Bitbucket Cloud, we would like to use application link to connect with linked services. Same with other services.

Third stage Automatisation:

  1. Auto update tasks -- Add scheduler in Forge app, that automatically check selected projects and creates task or notify user that there is an update available.

  2. Auto update PR -- we want to add possibility to create Pull Requests for repositories with updated versions, this is feature that in our opinion is live saver, no more thinking about updating our app, just auto update PR that will make it for us.

Additionally, we want to implement:

  • Auto-search for project files -- user will just provide URL, and we will list all kinds of files to chose from (e.g. if on repo are 2 projects)

  • Auto-detection for domain and project type -- user provides link to repository, choose project and then app automatically knows if this is e.g. Bitbucket Cloud and if this is Maven project and will display table with content.

  • Split configuration so only certain people will have access to change it.

  • Add more advance issue create view -- add possibility to change multiply params like labels, due date etc.

  • Bulk create issues.

  • Create structures -- allow users to create structures with epic or subtasks, e.g. create Epic "Update Versions" and each created issue will be linked to that Epic.

  • Template for automatic issues -- create template where user will be able to chose how automatic issue will look like.

  • Add created issues to table so users can see that someone already created issue for this update.

  • And more...

We also want to publish our app on marketplace after codegeist (:

Share this project:

Updates