Viewing the dependency graph
The dependency graph shows the dependencies of your repository. For each dependency, you can see the version, the manifest file which included it, and whether it has known vulnerabilities. For package ecosystems supporting transitive dependencies, the relationship status will be displayed and the disclosure button ... will show the transitive path which brought in the dependency. For more information about transitive dependency support, see Dependency graph supported package ecosystems.
You can also search for a specific dependency using the search bar. Dependencies are sorted automatically with vulnerabilities at the top. For information about the detection of dependencies and which ecosystems are supported, see Dependency graph supported package ecosystems.
-
On GitHub, navigate to the main page of the repository.
-
Under your repository name, click Insights.
-
In the left sidebar, click Dependency graph.
-
Optionally, use the search bar to find a specific dependency or set of dependencies. You can use the keywords
ecosystem:to show only packages of a certain type, orrelationship:to show only direct or transitive dependencies (if the ecosystem supports transitivity). Plain words in search bar will only match package names.
Enterprise owners can configure the dependency graph at an enterprise level. For more information, see Enabling the dependency graph for your enterprise.
Dependencies view
Any direct and indirect dependencies that are specified in the repository's manifest or lock files are listed.
Dependencies submitted to a project using the dependency submission API will show which detector was used for their submission and when they were submitted. For more information on using the dependency submission API, see Using the dependency submission API.
If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to Dependabot alerts.
Note
GitHub Enterprise Server does not populate the Dependents view.