Dependency Tree for Python projects

Hi,

Does Nexus IQ currently support Dependency Tree for Python projects? If not, when do you plan to implement it?
Contrary to a simple requirements.txt file, poetry.lock contains dependency information about transient packages and can be used as a source for the dependency tree feature.

Our use case is the following:

We want to be able to label known, “vetted” packages and fail the report when a non-vetted package is included. We only want to do this for direct dependencies and ignore this on transient dependencies.

For this we want to create a policy which checks:

  • If label IS “Vetted”
    AND
  • If Dependency Type is “Direct”

Without having a Dependency Type, all dependencies are listed as Direct and I have no option to implement this.

Best regards,
P

Hi, Peter! Dependency tree isn’t currently supported for Python/.poetry and isn’t formally on our roadmap. However, we’re always looking to enhance visibility across every ecosystem. I’ll pass along your interest to our product leaders.