This version of GitHub Enterprise Server will be discontinued on 2026-03-17. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.
Securing your dependencies
Keep your supply chain secure by understanding and updating dependencies.
Configuring Dependabot alerts
Enable Dependabot alerts so that an alert is generated when a new vulnerable dependency is found in one of your repositories.
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Configuring Dependabot version updates
You can configure your repository so that Dependabot automatically updates the packages you use.
Keeping your actions up to date with Dependabot
You can use Dependabot to keep the actions you use updated to the latest versions.
Configuring the dependency graph
You can allow users to identify their projects' dependencies by enabling the dependency graph.
Exploring the dependencies of a repository
You can use the dependency graph to see the packages your project depends on. In addition, you can see any vulnerabilities detected in its dependencies.
Using the dependency submission API
You can use the dependency submission API to submit dependencies for projects, such as the dependencies resolved when a project is built or compiled.