Article version: Enterprise Server 2.17
Listing the packages that a repository depends on
You can see your project's dependencies, as well as any detected vulnerabilities, in the dependency graph.
About the dependency graph
The dependency graph is available for every repository that defines dependencies in a supported package ecosystem using a supported file format.
Your site administrator must enable security alerts for vulnerable dependencies for your GitHub Enterprise Server instance before you can use this feature. For more information, see "Enabling security alerts for vulnerable dependencies on GitHub Enterprise Server."
You can view and update vulnerable dependencies in your repository's dependency graph. The dependency graph lists vulnerable dependencies before other dependencies. For more information, see "About security alerts for vulnerable dependencies."
Supported package ecosystems
Package manager | Languages | Recommended formats | Supported formats |
---|---|---|---|
Maven | Java, Scala | pom.xml | pom.xml |
npm | JavaScript | package-lock.json | package-lock.json, package.json |
Yarn | JavaScript | yarn.lock | package.json, yarn.lock |
dotnet CLI | .NET languages (C#, C++, F#, VB) | .csproj, .vbproj, .nuspec, .vcxproj, .fsproj | .csproj, .vbproj, .nuspec, .vcxproj, .fsproj, packages.config |
Python PIP | Python | requirements.txt, pipfile.lock | requirements.txt, pipfile.lock, setup.py * |
RubyGems | Ruby | Gemfile.lock | Gemfile.lock, Gemfile, *.gemspec |
Note: If you list your Python dependencies within a setup.py file, we may not be able to parse, list, and alert on every dependency in your project.
Listing dependencies for a repository with the dependency graph enabled
- On GitHub Enterprise, navigate to the main page of the repository.
- Under your repository name, click Insights.
- In the left sidebar, click Dependency graph.
Troubleshooting the dependency graph
If your project has dependencies, but no dependencies are detected in your graph, there may be a problem with the file containing your dependencies. Check your project's dependency file to ensure that it's correctly formatted for the file type.
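One way to run that format check locally, as an added example (not GitHub's own tooling): the Python script below walks a checkout, finds the files named in the supported formats table, and confirms that the JSON and XML ones parse, which rules out syntax errors only. The function names, the case-insensitive matching and the sample files are assumptions of this example; line-oriented formats such as requirements.txt are listed but not parsed.

```python
import json
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# File names and extensions from the "Supported formats" column above.
# Matching is case-insensitive, which is an assumption of this example.
KINDS = {
    "json": {"package.json", "package-lock.json", "pipfile.lock"},
    "xml": {"pom.xml", "packages.config", ".csproj", ".vbproj", ".nuspec",
            ".vcxproj", ".fsproj"},
    "text": {"yarn.lock", "requirements.txt", "setup.py", "gemfile",
             "gemfile.lock", ".gemspec"},
}

def classify(filename):
    """Return 'json', 'xml', 'text' or None (not a supported manifest)."""
    name = filename.lower()
    for kind, names in KINDS.items():
        if name in names or Path(name).suffix in names:
            return kind
    return None

def check_manifests(root):
    """Map each manifest under root to 'ok', 'not parsed' or 'error: ...'."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        kind = classify(path.name) if path.is_file() else None
        if kind is None:
            continue
        rel = str(path.relative_to(root))
        try:
            if kind == "json":
                json.loads(path.read_text(encoding="utf-8"))
            elif kind == "xml":
                ET.parse(str(path))
            results[rel] = "not parsed" if kind == "text" else "ok"
        except (ValueError, ET.ParseError) as exc:
            results[rel] = f"error: {exc}"
    return results

def demo():
    """Run the check on a constructed sample repository (not real project files)."""
    samples = {"pom.xml": "<project/>", "requirements.txt": "requests\n",
               "package-lock.json": '{"dependencies": {},}'}  # trailing comma
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_text(body, encoding="utf-8")
        return check_manifests(root)
```

To check a real checkout, call check_manifests with the path to the repository and look for entries whose value starts with "error:".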