Dependency review helps you understand dependency changes and the security impact of these changes at every pull request. It provides an easily understandable visualization of dependency changes with a rich diff on the "Files Changed" tab of a pull request. Dependency review informs you of:
- Which dependencies were added, removed, or updated, along with the release dates.
- How many projects use these components.
- Vulnerability data for these dependencies.
Dependency review is available when dependency graph is enabled for your enterprise and Advanced Security is enabled for the organization or repository.
On your enterprise, navigate to the main page of the repository.
Under your repository name, click Settings.
In the left sidebar, click Security & analysis.
Under "Configure security and analysis features", check if the dependency graph is enabled.
If dependency graph is enabled, click Enable next to "GitHub Advanced Security" to enable Advanced Security, including dependency review. The enable button is disabled if your enterprise has no available licenses for Advanced Security.