Skip to main content
Frecuentemente publicamos actualizaciones de nuestra documentación. Es posible que la traducción de esta página esté en curso. Para conocer la información más actual, visita la documentación en inglés. Si existe un problema con las traducciones en esta página, por favor infórmanos.
Enterprise Cloud
Español
Registrarse
 
Code security
Enterprise Cloud
Español
Registrarse

 

Exploring the dependencies of a repository

En este artículo

You can use the dependency graph to see the packages your project depends on and the repositories that depend on it. In addition, you can see any vulnerabilities detected in its dependencies.

Viewing the dependency graph

The dependency graph shows the dependencies and dependents of your repository. For information about the detection of dependencies and which ecosystems are supported, see "About the dependency graph."

  1. En GitHub.com, visita la página principal del repositorio.
  2. Debajo de tu nombre de repositorio, da clic en Perspectivas. Pestaña de perspectivas en la barra de navegación del repositorio principal
  3. En la barra lateral izquierda, da clic en Gráfica de dependencias. Pestaña de gráfica de dependencias en la barra lateral izquierda
  4. Optionally, under "Dependency graph", click Dependents. Dependents tab on the dependency graph page

Dependencies view

Dependencies are grouped by ecosystem. You can expand a dependency to view its dependencies. Dependencies on private repositories, private packages, or unrecognized files are shown in plain text. If the package manager for the dependency is in a public repository, GitHub Enterprise Cloud will display a link to that repository.

If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to Las alertas del dependabot.

Dependencies graph

Dependents view

For public repositories, the dependents view shows how the repository is used by other repositories. To show only the repositories that contain a library in a package manager, click NUMBER Packages immediately above the list of dependent repositories. The dependent counts are approximate and may not always match the dependents listed.

Dependents graph

Enabling and disabling the dependency graph for a private repository

Los administradores del repositorio pueden habilitar o inhabilitar la gráfica de dependencias para los repositorios privados.

También puedes habilitar o inhabilitar la gráfica de dependencias para todos los repositorios que pertenecen a tu cuenta de usuario u organización. For more information, see "Configuring the dependency graph."

  1. En GitHub.com, visita la página principal del repositorio.

  2. Debajo de tu nombre de repositorio, da clic en Configuración. Botón de configuración del repositorio

  3. En la sección de "Seguridad" de la barra lateral, haz clic en Análisis y seguridad de código.

  4. Lee los mensajes sobre el otorgar acceso de solo lectura a GitHub Enterprise Cloud para los datos del repositorio para así habilitar la gráfica de dependencias, posteriormente, da clic en Habilitar junto a "Gráfica de Dependencias". "Enable" button for the dependency graph Puedes inhabilitar la gráfica de dependencias en cualquier momento si haces clic en Inhabilitar junto a "Gráfica de dependencias" en la página de ajustes de "Análisis y seguridad de código."

Changing the "Used by" package

You may notice some repositories have a "Used by" section in the sidebar of the Code tab. Your repository will have a "Used by" section if:

  • The dependency graph is enabled for the repository (see the above section for more details).
  • Your repository contains a package that is published on a supported package ecosystem.
  • Within the ecosystem, your package has a link to a public repository where the source is stored.

The "Used by" section shows the number of public references to the package that were found, and displays the avatars of some of the owners of the dependent projects.

"Used by" sidebar section

Clicking any item in this section takes you to the Dependents tab of the dependency graph.

The "Used by" section represents a single package from the repository. If you have admin permissions to a repository that contains multiple packages, you can choose which package the "Used by" section represents.

  1. En GitHub.com, visita la página principal del repositorio.

  2. Debajo de tu nombre de repositorio, da clic en Configuración. Botón de configuración del repositorio

  3. En la sección de "Seguridad" de la barra lateral, haz clic en Análisis y seguridad de código.

  4. Under "Code security and analysis", click the drop-down menu in the "Used by counter" section and choose a package. Choose a "Used by" package

Troubleshooting the dependency graph

If your dependency graph is empty, there may be a problem with the file containing your dependencies. Check the file to ensure that it's correctly formatted for the file type.

If the file is correctly formatted, then check its size. The dependency graph ignores individual manifest and lock files that are over 1.5 Mb, unless you are a GitHub Enterprise user. It processes up to 20 manifest or lock files per repository by default, so you can split dependencies into smaller files in subdirectories of the repository.

If a manifest or lock file is not processed, its dependencies are omitted from the dependency graph and they can't be checked for vulnerable dependencies.

Further reading