Skip to main content

About supply chain security for your enterprise

You can enable features that help your developers understand and update the dependencies their code relies on.

You can allow users to identify their projects' dependencies by enabling the dependency graph for GitHub Enterprise Server. For more information, see Enabling the dependency graph for your enterprise.

After you enable the dependency graph, users will have access to the dependency review feature. Dependency review helps you understand dependency changes and the security impact of these changes at every pull request. For more information, see "About dependency review."

You can also allow users to find and fix vulnerabilities in their code dependencies by enabling Dependabot alerts and Dependabot updates. For more information, see Enabling Dependabot for your enterprise.

After you enable Dependabot alerts, you can view vulnerability data from the GitHub Advisory Database on GitHub Enterprise Server and manually sync the data. For more information, see Viewing the vulnerability data for your enterprise.