Enterprise owners must enable Dependabot alerts for vulnerable dependencies for your GitHub Enterprise Server instance before you can use this feature. For more information, see "Enabling the dependency graph and Dependabot alerts on your enterprise account."
The dependency graph shows the dependencies of your repository. For information about the detection of dependencies and which ecosystems are supported, see "About the dependency graph."
- On your GitHub Enterprise Server instance, navigate to the main page of the repository.
- Under your repository name, click Insights.
- In the left sidebar, click Dependency graph.
Any direct and indirect dependencies that are specified in the repository's manifest or lock files are listed, grouped by ecosystem. If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to Dependabot alerts.
Note: GitHub Enterprise Server does not populate the Dependents view.
If your dependency graph is empty, there may be a problem with the file containing your dependencies. Check the file to ensure that it's correctly formatted for the file type.
If a manifest or lock file is not processed, its dependencies are omitted from the dependency graph and they can't be checked for vulnerable dependencies.