Understanding your software supply chain

  • About supply chain security

    GitHub AE helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies.

  • About the dependency graph

    You can use the dependency graph to identify all your project's dependencies. The dependency graph supports a range of popular package ecosystems.

  • Configuring the dependency graph

    You can allow users to identify their projects' dependencies by enabling the dependency graph.

  • About dependency review

    Dependency review lets you catch insecure dependencies before you introduce them to your environment, and provides information on license, dependents, and age of dependencies.

  • Configuring dependency review

    You can use dependency review to catch vulnerabilities before they are added to your project.

  • Exploring the dependencies of a repository

    You can use the dependency graph to see the packages your project depends on. In addition, you can see any vulnerabilities detected in its dependencies.

  • Troubleshooting the dependency graph

    If the dependency information reported by the dependency graph is not what you expected, there are a number of points to consider, and various things you can check.