Skip to main content

Cette version de GitHub Enterprise Server n'est plus disponible depuis le 2024-09-25. Aucune publication de correctifs n’est effectuée, même pour les problèmes de sécurité critiques. Pour de meilleures performances, une sécurité améliorée et de nouvelles fonctionnalités, effectuez une mise à niveau vers la dernière version de GitHub Enterprise. Pour obtenir de l’aide sur la mise à niveau, contactez le support GitHub Enterprise.

Exploration des dépendances d’un dépôt

Vous pouvez utiliser le graphique de dépendances pour afficher les packages dont dépend votre projet. En outre, vous pouvez voir l’ensemble des vulnérabilités détectées dans ses dépendances.

Qui peut utiliser cette fonctionnalité ?

Administrateurs de référentiels, propriétaire d’organisation et personnes disposant d’un accès en écriture ou en maintenance à un référentiel

Viewing the dependency graph

The dependency graph shows the dependencies of your repository. For information about the detection of dependencies and which ecosystems are supported, see "Dependency graph supported package ecosystems."

  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click Insights.

    Screenshot of the main page of a repository. In the horizontal navigation bar, a tab, labeled with a graph icon and "Insights," is outlined in dark orange.

  3. In the left sidebar, click Dependency graph.

    Screenshot of the "Dependency graph" tab. The tab is highlighted with an orange outline.

Enterprise owners can configure the dependency graph at an enterprise level. For more information, see "Enabling the dependency graph for your enterprise."

Dependencies view

Any direct and indirect dependencies that are specified in the repository's manifest or lock files are listed.

Dependencies submitted to a project using the dependency submission API, although also grouped by ecosystem, are shown separately from dependencies identified through manifest or lock files in the repository. These submitted dependencies appear in the dependency graph as "Snapshot dependencies" because they are submitted as a snapshot, or set, of dependencies. For more information on using the dependency submission API, see "Using the dependency submission API."

If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to Dependabot alerts.

Note: GitHub Enterprise Server does not populate the Dependents view.

Troubleshooting the dependency graph

If your dependency graph is empty, there may be a problem with the file containing your dependencies. Check the file to ensure that it's correctly formatted for the file type.

If a manifest or lock file is not processed, its dependencies are omitted from the dependency graph and they can't be checked for insecure dependencies.

Further reading