Dependency chains can answer the following questions: "Is this dependency direct or transitive?" and "How did I bring this dependency into my code?"
- Java: Maven or Gradle are used depending upon your chosen toolset
A manifest and a lockfile are required, regardless of ecosystem. If you need more information on generating lockfiles, see the compatible languages and package files article.
With these ecosystem-native tools in place, you can use the following command to process a dependency chain:
The 'tidelift alignment' command will generate a bill of materials for a project and check its alignment with your catalog. When an alignment fails, it will give you a list of packages that are out of alignment, as well as a URL to see more details.
By clicking each "see dependency chains" link, you can see the chain structure, including all of the direct dependencies that bring in deeper-level transitive dependencies.
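To make the two questions above concrete, here is an added example (not Tidelift's code or output) that derives dependency chains from a resolved graph of the kind a lockfile pins. The package names and graph are constructed for illustration.

```python
from collections import deque

# Constructed sample: a resolved dependency graph, as a lockfile would pin it.
# Keys are packages, values are the packages each one requires.
# "my-app" is the project root; every name here is hypothetical.
GRAPH = {
    "my-app": ["web-framework", "http-client"],
    "web-framework": ["template-engine", "json-parser"],
    "http-client": ["json-parser", "tls-lib"],
    "template-engine": ["json-parser"],
    "json-parser": [],
    "tls-lib": [],
}

def dependency_chains(graph, root, target):
    """Return every chain root -> ... -> target, shortest chains first."""
    chains = []
    queue = deque([[root]])
    while queue:
        path = queue.popleft()
        for dep in graph.get(path[-1], []):
            if dep in path:  # guard against cyclic dependency declarations
                continue
            if dep == target:
                chains.append(path + [dep])
            else:
                queue.append(path + [dep])
    return chains

def classify(graph, root, target):
    """Answer: is target direct or transitive, and which direct deps pull it in?"""
    chains = dependency_chains(graph, root, target)
    if not chains:
        return "absent", [], []
    # A package listed by the root is direct, even if other chains also reach it.
    kind = "direct" if target in graph.get(root, []) else "transitive"
    # The second element of each chain is the direct dependency responsible.
    introduced_by = sorted({chain[1] for chain in chains})
    return kind, introduced_by, chains

if __name__ == "__main__":
    for pkg in ("http-client", "json-parser"):
        kind, via, chains = classify(GRAPH, "my-app", pkg)
        print(f"{pkg}: {kind}, introduced by {', '.join(via)}")
        for chain in chains:
            print("  " + " -> ".join(chain))
```

When a transitive package is out of alignment, the `introduced_by` list names the direct dependencies you would have to upgrade or replace to change or remove it.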