GitHub AE helps you secure your supply chain, from understanding the dependencies in your environment to knowing about vulnerabilities in those dependencies.
You can use the dependency graph to identify all your project's dependencies. The dependency graph supports a range of popular package ecosystems.
Dependency review lets you catch insecure dependencies before you introduce them to your environment, and provides information on license, dependents, and age of dependencies.
If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.