Discovery: What tools are available to automatically trace dependencies

- Random list of tools and services along these lines:

• Gemnasium - DevOps's current requirements tracking tool of choice

• VersionEye - Another requirements tracking service we've experimented with, open source and has some compelling features

• requires.io - Yet another requirements tracker that I used at a previous job

• pyup.io - Auto-generates PRs for updated dependencies

• pip-tools - pip-compile generates fully pinned requirements files from top-level dependencies, and annotates which packages required each entry

• pipdeptree - Local tool for tracing through the hierarchy of package dependencies

• snakefood - Local tool for dependency tracking at the level of modules rather than packages

• pipreqs - Create a requirements file from the imports actually used

• pycycle - Finds circular imports

• undebt - Not really a dependency tracker, but could be used to automate refactoring deprecated code patterns when upgrading libraries

Also note that there are Trove classifiers which packages should be using to declare which exact Python, Django, etc. versions they support with each release; these aren't always used or kept up to date, but are very useful when they are. pip show -v lists these classifiers for a particular package, and Warehouse even allows searching by these classifiers.

I expanded a bit on these and did some investigation into how they might help the upgrade project here: https://openedx.atlassian.net/wiki/display/PLAT/Potential+Tooling+for+Upgrade