Dependency graph now supports submissions through the dependency submission API (beta). This enables you to add dependencies, such as those resolved when software is compiled or built, to the dependency graph. Submitted dependencies will appear in a repository's dependency graph and any associated vulnerabilities will trigger Dependabot alerts.
Releasing alongside the dependency submission API are the:
- Go Dependency Submission GitHub Action, which detects and submits Go dependencies to your dependency graph
- Dependency Submission Toolkit, which can be used to write workflows to submit dependencies to a repository