Reverse dependencies

Question

We are using Ivy with Artifactory as a repository. In Artifactory both third-party libraries and our release packages are stored.

If there is a bug in an artefact (3rd party or our package) I would like to find out which other components are potentially impacted.

In short, I need a reverse dependency report.

How similar problems are usually solved?

Answer 1

Check out Artifactory's build integration and CI server plugins.
The plugins collect information during build time (Both CI server and build tool), manage the deployment of artifacts and finally publish a "Build Info" report containing details regarding the build environment, method, dependencies and published artifacts.

Once in Artifactory, you can view a low down of each build with links to all produced artifacts, dependencies (if they exist in the repository) and even third-party license detection.
This will be helpful in your case, since you can also view all the builds an artifact was involved in, whether as a product or a dependency.

Artifactory's tree browser can display all the builds an artifact was involved in and it applies to all artifacts, not only build products; see the screenshot in this section as an example.

Artifactory's also got a REST resource that lets you query for builds in which a certain artifact has acted as a dependency; like the tree browser viewer, this too applies to all artifacts.

Currently, plugins are available for Jenkins, TeamCity and Bamboo and they all support Maven, Ivy and Gradle builds.