
Exploring the dependencies of a repository

You can use the dependency graph to see the packages your project depends on. In addition, you can see any vulnerabilities detected in its dependencies.

Who can use this feature?

Repository administrators, organization owners, and people with write or maintain access to a repository

Viewing the dependency graph

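The dependency graph shows the dependencies of your repository. For each dependency, you can see its version, the manifest file that included it, and whether it has known vulnerabilities. For package ecosystems that support transitive dependencies, the relationship status is displayed. You can click , then select "Show paths" to see the transitive path that brought in the dependency.

You can also search for a specific dependency using the search bar. Dependencies are sorted automatically, with vulnerable packages at the top. For information about the detection of dependencies and which ecosystems are supported, see Dependency graph supported package ecosystems.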

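  1. On GitHub, navigate to the main page of the repository.

  2. Under your repository name, click the "Insights" tab.

    Screenshot of the main page of a repository. In the horizontal navigation bar, a tab labeled with a graph icon and "Insights" is outlined in orange.

  3. In the left sidebar, click "Dependency graph".

    Screenshot of the "Dependency graph" tab. The tab is highlighted with an orange outline.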

  4. Optionally, use the search bar to find a specific dependency or set of dependencies. You can use the keyword ecosystem: to show only packages of a certain type, or relationship: to show only direct or transitive dependencies (if the ecosystem supports transitivity). Plain words in the search bar match package names only.

Enterprise owners can configure the dependency graph at an enterprise level. For more information, see Enabling the dependency graph for your enterprise.

Dependencies view

Any direct and indirect dependencies that are specified in the repository's manifest or lock files are listed.

Dependencies submitted to a project using the dependency submission API will show which detector was used for their submission and when they were submitted. For more information on using the dependency submission API, see Using the dependency submission API.

If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to Dependabot alerts.

Note

GitHub Enterprise Server does not populate the Dependents view.

Further reading