ドキュメントには頻繁に更新が加えられ、その都度公開されています。本ページの翻訳はまだ未完成な部分があることをご了承ください。最新の情報については、英語のドキュメンテーションをご参照ください。本ページの翻訳に問題がある場合はこちらまでご連絡ください。
記事のバージョン: GitHub.com

Exploring the dependencies of a repository

Using the dependency graph, you can see the packages your project depends on and the repositories that depend on it. In addition, you can see any vulnerabilities detected in its dependencies.

ここには以下の内容があります:

Viewing the dependency graph

The dependency graph shows the dependencies and dependents of your repository. For information about the detection of dependencies and which ecosystems are supported, see "About the dependency graph."

  1. GitHubで、リポジトリのメインページにアクセスしてください。
  2. リポジトリ名の下で Insights(インサイト)をクリックしてください。
    リポジトリのナビゲーションバーのインサイトタブ
  3. 左のサイドバーでDependency graph(依存関係グラフ)をクリックしてください。
    左のサイドバーの依存関係グラフタブ
  4. Optionally, under "Dependency graph", click Dependents.
    Dependents tab on the dependency graph page

Dependencies view

Dependencies are grouped by ecosystem. You can expand a dependency to view its dependencies. For dependencies on public repositories hosted on GitHub, you can also click a dependency to view the repository. Dependencies on private repositories, private packages, or unrecognized files are shown in plain text.

If vulnerabilities have been detected in the repository, these are shown at the top of the view for users with access to GitHub Dependabotアラート.

Dependencies graph

Dependents view

For public repositories, the dependents view shows how the repository is used by other repositories. To show only the repositories that contain a library in a package manager, click NUMBER Packages immediately above the list of dependent repositories. The dependent counts are approximate and may not always match the dependents listed.

Dependents graph

Enabling and disabling the dependency graph for a private repository

Repository administrators can enable or disable the dependency graph for private repositories.

You can also enable or disable the dependency graph for all repositories owned by your user account or organization. For more information, see "Managing security and analysis settings for your user account" or "Managing security and analysis settings for your organization."

  1. GitHubで、リポジトリのメインページにアクセスしてください。
  2. リポジトリ名の下で Settings(設定)をクリックしてください。
    リポジトリの設定ボタン
  3. 左のサイドバーで、Security & analysis(セキュリティと分析)をクリックしてください。
    リポジトリ設定の"セキュリティと分析"タブ
  4. Read the message about granting GitHub read-only access to the repository data to enable the dependency graph, then next to "Dependency Graph", click Enable.
    "Enable" button for the dependency graph

You can disable the dependency graph at any time by clicking Disable next to "Dependency Graph" on the Security & analysis tab.

Troubleshooting the dependency graph

If your dependency graph is empty, there may be a problem with the file containing your dependencies. Check the file to ensure that it's correctly formatted for the file type.

If the file is correctly formatted, then check its size. The dependency graph ignores individual manifest and lock files that are over 0.5 Mb, unless you are a GitHub Enterprise user. It processes up to 20 manifest or lock files per repository by default, so you can split dependencies into smaller files in subdirectories of the repository.

If a manifest or lock file is not processed, its dependencies are omitted from the dependency graph and they can't be checked for vulnerable dependencies.

Further reading

担当者にお尋ねください

探しているものが見つからなかったでしょうか?

弊社にお問い合わせください