Almost all software relies on code developed and maintained by other developers, often known as a supply chain. For example, utilities, libraries, and frameworks. These dependencies are an integral part of your code and any bugs or vulnerabilities in them may affect your code. It's important to review and maintain these dependencies.
The dependency graph provides a great way to visualize and explore the dependencies for a repository. For more information, see "About the dependency graph" and "Exploring the dependencies of a repository."
You can also set up your repository so that GitHub alerts you automatically whenever a security vulnerability is found in one of your dependencies. For more information, see "About alerts for vulnerable dependencies." |