GitHub Enterprise Cloud helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies, and patching them.
You can use the dependency graph to identify all your project's dependencies. The dependency graph supports a range of popular package ecosystems.
You can allow users to identify their projects' dependencies by enabling the dependency graph.
Dependency review lets you catch vulnerable dependencies before you introduce them into your environment, and provides information about licenses, dependents, and the age of dependencies.
You can use dependency review to catch vulnerabilities before they are added to your project.
You can use the dependency graph to see the packages your project depends on and the repositories that depend on it. In addition, you can see any vulnerabilities detected in its dependencies.
If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.