Skip to main content
Free, Pro, & Team
English
Sign up
 
Code security
Free, Pro, & Team
English
Sign up

 

Configuring dependency review

In this article

You can use dependency review to catch vulnerabilities before they are added to your project.

About dependency review

Dependency review helps you understand dependency changes and the security impact of these changes at every pull request. It provides an easily understandable visualization of dependency changes with a rich diff on the "Files Changed" tab of a pull request. Dependency review informs you of:

  • Which dependencies were added, removed, or updated, along with the release dates.
  • How many projects use these components.
  • Vulnerability data for these dependencies.

For more information, see "About dependency review" and "Reviewing dependency changes in a pull request."

About configuring dependency review

Dependency review is available in all public repositories in all products and cannot be disabled. Dependency review is available in private repositories owned by organizations that use GitHub Enterprise Cloud and have a license for GitHub Advanced Security. For more information, see the GitHub Enterprise Cloud documentation.