From be2a1c0c501160477872a52cebc92bf5bfe3453b Mon Sep 17 00:00:00 2001
From: Lars
Date: Mon, 10 Nov 2025 15:48:40 +0100
Subject: [PATCH 1/4] init commit, added keypoints
---
 src/pages/feature-guides/_meta.ts | 3 ++
 .../organization-wide-search.mdx | 32 +++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 src/pages/feature-guides/organization-wide-search.mdx
diff --git a/src/pages/feature-guides/_meta.ts b/src/pages/feature-guides/_meta.ts
index 7768c73..41e4256 100644
--- a/src/pages/feature-guides/_meta.ts
+++ b/src/pages/feature-guides/_meta.ts
@@ -9,4 +9,7 @@ export default {
 'several-assets-and-artifacts-to-devguard-monorepos': {
 title: 'Mapping Several Assets and Artifacts (e.g., Monorepos)',
 },
+ 'organization-wide-search': {
+ title: 'Searching specific Packages in Organization',
+ },
 }
diff --git a/src/pages/feature-guides/organization-wide-search.mdx b/src/pages/feature-guides/organization-wide-search.mdx
new file mode 100644
index 0000000..c0bbb91
--- /dev/null
+++ b/src/pages/feature-guides/organization-wide-search.mdx
@@ -0,0 +1,32 @@
+# Searching for specific Package in Organization
+
+- It is now possible to search for a specific Package in each Repository in an Organization.
+ - Only Admin & Owner Roles can search for this Package.
+ - This Feature is useful, when you want to quickly check weither a certain Package is used in any Repository (e.g xz-util) and what version it is on.
+ - Additionally it is shown in which artifacts the Package is.
+ - It is found on the organization Page, in the Tabs Area, next to the Settings.
+ - The search feature is case insensitive.
+
+# How it works
+
+- It recursively looks for the specific Package name with a like statement, it will only find direct Dependencies.
+- There is a new
+- one new endpoint will be available:
+ - `api/v1/organizations/{organizationName}/dependency-components?search={packageName}`
+ - These endpoints will provide certain information:
+ - componentDependencyId
+ - dependencyPurl
+ - organizationId
+ - organizationName
+ - projectId
+ - projectName
+ - projectSlug
+ - assetId
+ - assetName
+ - assetSlug
+ - assetVersionName
+ - componentPurl
+ - componentVersion
+ - artifactName
+ - artifactAssetVersion
+
From 4d33afe06a36d54add81bca00a67df65edd9903b Mon Sep 17 00:00:00 2001
From: Lars
Date: Mon, 10 Nov 2025 16:59:09 +0100
Subject: [PATCH 2/4] documention ofr organization-wide-search
---
 src/pages/feature-guides/organization-wide-search.mdx | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/pages/feature-guides/organization-wide-search.mdx b/src/pages/feature-guides/organization-wide-search.mdx
index c0bbb91..fbfa502 100644
--- a/src/pages/feature-guides/organization-wide-search.mdx
+++ b/src/pages/feature-guides/organization-wide-search.mdx
@@ -2,15 +2,16 @@
 - It is now possible to search for a specific Package in each Repository in an Organization.
 - Only Admin & Owner Roles can search for this Package.
- - This Feature is useful, when you want to quickly check weither a certain Package is used in any Repository (e.g xz-util) and what version it is on.
+ - This Feature is useful, when you want to quickly check whether a certain Package is used in any Repository (e.g xz-util) and what version it is on.
 - Additionally it is shown in which artifacts the Package is.
- - It is found on the organization Page, in the Tabs Area, next to the Settings.
- - The search feature is case insensitive.
+ - It is found on the organization Page, in the Tabs Area, next to the Settings (you need the correct Permission to see the tab).
 # How it works
-- It recursively looks for the specific Package name with a like statement, it will only find direct Dependencies.
-- There is a new
+- It recursively looks for the specific Package name with an ILIKE statement, in each Repository in your Organization,
+ it will only find direct Dependencies (First Party Dependencies).
+ - The search feature is case insensitive.
+
 - one new endpoint will be available:
 - `api/v1/organizations/{organizationName}/dependency-components?search={packageName}`
 - These endpoints will provide certain information:
From 13b8be626e147617119b20e28928b13f2745306c Mon Sep 17 00:00:00 2001
From: Lars
Date: Mon, 10 Nov 2025 17:42:44 +0100
Subject: [PATCH 3/4] case insensitive part is not up to date
---
 src/pages/feature-guides/organization-wide-search.mdx | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/pages/feature-guides/organization-wide-search.mdx b/src/pages/feature-guides/organization-wide-search.mdx
index fbfa502..0064745 100644
--- a/src/pages/feature-guides/organization-wide-search.mdx
+++ b/src/pages/feature-guides/organization-wide-search.mdx
@@ -8,9 +8,8 @@
 # How it works
-- It recursively looks for the specific Package name with an ILIKE statement, in each Repository in your Organization,
+- It recursively looks for the specific Package name with an LIKE statement, in each Repository in your Organization,
 it will only find direct Dependencies (First Party Dependencies).
- - The search feature is case insensitive.
 - one new endpoint will be available:
 - `api/v1/organizations/{organizationName}/dependency-components?search={packageName}`
From 6dd4dffc8f98375ce8a4b1d9a26f10172d0f53f7 Mon Sep 17 00:00:00 2001
From: Frederic Noppe
Date: Thu, 18 Dec 2025 13:37:31 +0100
Subject: [PATCH 4/4] formulation of the bulletpoints to documentation Text
Signed-off-by: Frederic Noppe
---
 .../organization-wide-search.mdx | 114 +++++++++++++-----
 1 file changed, 83 insertions(+), 31 deletions(-)
diff --git a/src/pages/feature-guides/organization-wide-search.mdx b/src/pages/feature-guides/organization-wide-search.mdx
index 0064745..3db99f2 100644
--- a/src/pages/feature-guides/organization-wide-search.mdx
+++ b/src/pages/feature-guides/organization-wide-search.mdx
@@ -1,32 +1,84 @@
-# Searching for specific Package in Organization
-
-- It is now possible to search for a specific Package in each Repository in an Organization.
- - Only Admin & Owner Roles can search for this Package.
- - This Feature is useful, when you want to quickly check whether a certain Package is used in any Repository (e.g xz-util) and what version it is on.
- - Additionally it is shown in which artifacts the Package is.
- - It is found on the organization Page, in the Tabs Area, next to the Settings (you need the correct Permission to see the tab).
-
-# How it works
-
-- It recursively looks for the specific Package name with an LIKE statement, in each Repository in your Organization,
- it will only find direct Dependencies (First Party Dependencies).
-
-- one new endpoint will be available:
- - `api/v1/organizations/{organizationName}/dependency-components?search={packageName}`
- - These endpoints will provide certain information:
- - componentDependencyId
- - dependencyPurl
- - organizationId
- - organizationName
- - projectId
- - projectName
- - projectSlug
- - assetId
- - assetName
- - assetSlug
- - assetVersionName
- - componentPurl
- - componentVersion
- - artifactName
- - artifactAssetVersion
+# Searching for Specific Packages in Your Organization
+## Overview
+
+DevGuard now allows **Admin and Owner roles** to search for specific packages across all repositories within an organization. This feature is designed to help you quickly identify where a particular package (e.g., `xz-util`) is used, including its version and the artifacts it appears in. This is especially useful for security audits, compliance checks, or dependency management.
+
+**Location:** The feature is accessible from the **Organization Page**, in the **Tabs Area**, next to Settings. Only users with the correct permissions will see this tab.
+
+---
+
+## How It Works
+
+### Search Process
+- The search recursively scans each repository in your organization using a **LIKE statement** to match the package name.
+- Only **direct (first-party) dependencies** are returned in the results.
+
+### API Endpoint
+A new API endpoint is available for programmatic access:
+
+```
+GET /api/v1/organizations/{organizationName}/dependency-components?search={packageName}
+```
+
+#### Response Fields
+ Field | Description |
+ |------------------------|--------------------------------------|
+ | `componentDependencyId`| Unique identifier for the dependency |
+ | `dependencyPurl` | Package URL (purl) of the dependency |
+ | `organizationId` | ID of the organization |
+ | `organizationName` | Name of the organization |
+ | `projectId` | ID of the project |
+ | `projectName` | Name of the project |
+ | `projectSlug` | Slug of the project |
+ | `assetId` | ID of the asset |
+ | `assetName` | Name of the asset |
+ | `assetSlug` | Slug of the asset |
+ | `assetVersionName` | Version name of the asset |
+ | `componentPurl` | Package URL (purl) of the component |
+ | `componentVersion` | Version of the component |
+ | `artifactName` | Name of the artifact |
+ | `artifactAssetVersion` | Version of the artifact |
+
+---
+
+## Use Cases
+
+- **Security Audits:** Quickly check if a vulnerable package is used anywhere in your organization.
+- **Compliance:** Verify that only approved package versions are in use.
+- **Dependency Management:** Identify and update outdated or risky dependencies across multiple projects.
+
+---
+
+## Permissions
+
+- Only users with **Admin** or **Owner** roles can access this feature and the associated API endpoint.
+
+---
+
+## Example Workflow
+
+1. Navigate to your **Organization Page** in DevGuard.
+2. Click on the new **Package Search** tab.
+3. Enter the package name (e.g., `xz-util`) in the search bar.
+4. View the results, which include:
+ - Repositories where the package is found
+ - Version of the package in each repository
+ - Artifacts containing the package
+
+---
+
+## Integration
+
+This feature integrates seamlessly with DevGuard’s existing SBOM and dependency management tools, providing a unified view of your organization’s software supply chain.
+
+---
+
+## Notes
+
+- The search is case-insensitive and supports partial matches.
+- Only direct dependencies are included in the results.
+
+---
+
+**Need help or have feedback?** [Contact us](mailto:support@devguard.org) or visit our [GitHub repository](https://github.com/l3montree-dev/devguard)
\ No newline at end of file