This version of GitHub Enterprise was discontinued on 2020-05-23. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Article version: Enterprise Server 2.17

Listing the packages that a repository depends on

You can see your project's dependencies, as well as any detected vulnerabilities, in the dependency graph.


About the dependency graph

The dependency graph is available for every repository that defines dependencies in a supported package ecosystem using a supported file format.

Your site administrator must enable security alerts for vulnerable dependencies for your GitHub Enterprise Server instance before you can use this feature. For more information, see "Enabling security alerts for vulnerable dependencies on GitHub Enterprise Server."

You can view and update vulnerable dependencies in your repository's dependency graph. The dependency graph lists vulnerable dependencies before other dependencies. For more information, see "About security alerts for vulnerable dependencies."

Supported package ecosystems

| Package manager | Languages | Recommended formats | Supported formats |
|---|---|---|---|
| Maven | Java, Scala | pom.xml | pom.xml |
| npm | JavaScript | package-lock.json | package-lock.json, package.json |
| Yarn | JavaScript | yarn.lock | package.json, yarn.lock |
| dotnet CLI | .NET languages (C#, C++, F#, VB) | .csproj, .vbproj, .nuspec, .vcxproj, .fsproj | .csproj, .vbproj, .nuspec, .vcxproj, .fsproj, packages.config |
| Python PIP | Python | requirements.txt, pipfile.lock | requirements.txt, pipfile.lock, setup.py* |
| RubyGems | Ruby | Gemfile.lock | Gemfile.lock, Gemfile, *.gemspec |

Note: If you list your Python dependencies within a setup.py file, we may not be able to parse, list, and alert on every dependency in your project.

Listing dependencies for a repository with the dependency graph enabled

  1. On GitHub Enterprise, navigate to the main page of the repository.
  2. Under your repository name, click Insights.
  3. In the left sidebar, click Dependency graph.

Troubleshooting the dependency graph

If your project has dependencies, but no dependencies are detected in your graph, there may be a problem with the file containing your dependencies. Check your project's file to ensure that it's correctly formatted for the file type.
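The troubleshooting check above, as an added example that is not part of the original article or GitHub's own tooling: a local scan that finds the manifest files named in the supported-formats table and flags JSON or XML ones that do not parse. The names `MANIFESTS`, `scan`, `parse_error`, the skipped directories, and the sample files are assumptions of this example; a well-formedness check approximates, but is not, the parser the dependency graph uses.

```python
import fnmatch, json, os, pathlib, tempfile
import xml.etree.ElementTree as ET

# Rows of the table above: (lowercase name pattern, package manager, recommended?, local check)
MANIFESTS = [
    ("pom.xml", "Maven", True, "xml"), ("package-lock.json", "npm", True, "json"),
    ("yarn.lock", "Yarn", True, None), ("package.json", "npm/Yarn", False, "json"),
    ("requirements.txt", "Python PIP", True, None), ("pipfile.lock", "Python PIP", True, "json"),
    ("setup.py", "Python PIP", False, None), ("gemfile.lock", "RubyGems", True, None),
    ("gemfile", "RubyGems", False, None), ("*.gemspec", "RubyGems", False, None),
    ("packages.config", "dotnet CLI", False, "xml"),
] + [("*" + e, "dotnet CLI", True, "xml") for e in (".csproj", ".vbproj", ".nuspec", ".vcxproj", ".fsproj")]
SKIP_DIRS = {".git", "node_modules"}  # assumption: installed packages are not the project's manifests

def parse_error(path, kind):
    """Return None if the file is well-formed (or has no local check), else the error text."""
    try:
        if kind == "json":
            json.loads(pathlib.Path(path).read_text(encoding="utf-8"))
        elif kind == "xml":
            ET.parse(path)  # for your own checkout; ElementTree is not hardened against hostile XML
    except (ValueError, ET.ParseError, OSError) as exc:
        return f"{type(exc).__name__}: {exc}"
    return None

def scan(root):
    """Return (relative path, package manager, recommended, error) tuples, sorted by path."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune in place
        for name in filenames:
            for pattern, manager, recommended, kind in MANIFESTS:
                if fnmatch.fnmatchcase(name.lower(), pattern):
                    path = os.path.join(dirpath, name)
                    found.append((os.path.relpath(path, root), manager, recommended, parse_error(path, kind)))
                    break
    return sorted(found, key=lambda row: row[0])

def demo():  # constructed sample checkout, not data from the page
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "node_modules", "left-pad"))
        samples = {"package.json": '{"dependencies": {"left-pad": "1.3.0"}}',
                   "package-lock.json": '{"dependencies": {',  # truncated on purpose
                   "pom.xml": "<project><dependencies/></project>", "node_modules/left-pad/package.json": "{}"}
        for rel, text in samples.items():
            pathlib.Path(root, rel).write_text(text, encoding="utf-8")
        return scan(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Call `scan(".")` from the root of a checkout; a row whose last field is not `None` is a manifest to fix before expecting it to appear in the graph.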
