GitHub Enterprise Server helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies, and patching them.
You can use the dependency graph to identify all your project's dependencies. The dependency graph supports a range of popular package ecosystems.
You can allow users to identify their projects' dependencies by enabling the dependency graph.
Dependency review lets you catch insecure dependencies before you introduce them to your environment, and provides information on license, dependents, and age of dependencies.
You can use dependency review to catch vulnerable dependencies before they are added to your project.
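As an added example, not part of this page, the workflow below enforces dependency review on every pull request with the `actions/dependency-review-action`. It fails the check when the pull request introduces a dependency with a known vulnerability at or above the chosen severity, or one published under a denied license. The severity threshold, the license list and the availability of GitHub Actions on the instance are assumptions; check the release notes for your GitHub Enterprise Server version before relying on it.

```yaml
# Added example: a pull request check built on dependency review.
# Assumptions: the dependency graph is enabled for the repository, GitHub Actions
# is available on the instance, and the threshold and license list below are
# illustrative choices rather than recommendations from the page.
name: Dependency review
on: [pull_request]

permissions:
  contents: read        # least privilege: the action only needs to read the diff
  pull-requests: write  # required only because comment-summary-in-pr is enabled

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/dependency-review-action@v4
        with:
          # Fail on new dependencies with advisories of this severity or higher
          # (accepted values: low, moderate, high, critical).
          fail-on-severity: moderate
          # Comma-separated SPDX identifiers that must not enter the tree.
          deny-licenses: GPL-3.0, AGPL-3.0
          # Post the review result as a pull request comment (always, on-failure, never).
          comment-summary-in-pr: always
```

The check only sees dependencies that the dependency graph already knows about, so if a manifest or lock file is in an unsupported ecosystem or outside the repository root the review will silently have nothing to compare; confirm the graph lists the packages you expect before treating a green check as proof of a clean change.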
You can use the dependency graph to see the packages your project depends on. You can also see any vulnerabilities detected in those dependencies.
If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.