Skip to main content

Configuring the dependency graph

You can allow users to identify their projects' dependencies by enabling the dependency graph.

About the dependency graph

El gráfico de dependencias es un resumen de los archivos de manifiesto y de bloqueo almacenados en un repositorio y las dependencias que se envían para el repositorio mediante la API de envío de dependencias (beta). Para cada repositorio, muestra:

  • Las dependencias, ecosistemas y paquetes de los cuales depende
  • Los dependientes, repositorios y paquetes que dependen de ella

For more information, see "About the dependency graph."

About configuring the dependency graph

To generate a dependency graph, GitHub needs read-only access to the dependency manifest and lock files for a repository. The dependency graph is automatically generated for all public repositories and you can choose to enable it for private repositories. For more information on viewing the dependency graph, see "Exploring the dependencies of a repository."

De manera adicional, puedes usar Dependency submission API (versión beta) para enviar dependencias desde el administrador de paquetes o el ecosistema que prefieras, incluso si el ecosistema no es compatible con el gráfico de dependencias para el análisis del archivo de manifiesto o de bloqueo. El gráfico de dependencias mostrará las dependencias enviadas agrupadas por ecosistema, pero por separado de las dependencias analizadas de los archivos de manifiesto o de bloqueo. Para más información sobre Dependency submission API, consulta"Uso de Dependency submission API".

Enabling and disabling the dependency graph for a private repository

Repository administrators can enable or disable the dependency graph for private repositories.

You can also enable or disable the dependency graph for all repositories owned by your user account or organization. For more information, see "Configuring the dependency graph."

  1. On GitHub.com, navigate to the main page of the repository.

  2. Debajo del nombre del repositorio, haz clic en Configuración. Botón de configuración del repositorio

  3. In the "Security" section of the sidebar, click Code security and analysis.

  4. Read the message about granting GitHub read-only access to the repository data to enable the dependency graph, then next to "Dependency Graph", click Enable. "Enable" button for the dependency graph You can disable the dependency graph at any time by clicking Disable next to "Dependency Graph" on the settings page for "Code security and analysis."

When the dependency graph is first enabled, any manifest and lock files for supported ecosystems are parsed immediately. The graph is usually populated within minutes but this may take longer for repositories with many dependencies. Once enabled, the graph is automatically updated with every push to the repository and every push to other repositories in the graph.

Further reading