Skip to content

Updates to the repository dependency graph view

The dependency graph shows a summary of the manifest and lock files stored in a repository. The repository view has an updated user experience that includes:

  • Search by package name from a paginated list of all dependencies
  • Dependency licenses
  • Dependabot alerts for dependencies, sorted by severity, and linking to the Dependabot alerts and the Dependabot updates pull request where applicable (only visible for users with priveleges to view the repository's Dependabot alerts)

Screenshot of dependency graph UX, using the high contrast theme

Access a repository's dependency graph from Insights > Dependency graph.

Generate an SBOM from the dependency graph

A software bill of materials (SBOM) is a standardized inventory of a software project's dependencies and associated metadata (versions, licenses, etc). You can now export your repository's dependency graph as an SBOM adhering to the SPDX 2.3 specification.

Click "Export SBOM" on a repository's dependency graph to generate an SBOM representing the head of the main branch. The resulting JSON file will download in your browser. Exporting an SBOM is free for all cloud repositories on GitHub, and can be performed by anyone with read access to a repository.

A supporting REST API to generate SBOMs for repositories will be available in the coming weeks.

Screenshot of a repository's dependency graph with SBOM export button in the top right corner

See more

GitHub Actions: Visual Studio Code Extension is now in public beta

The GitHub Actions extension for VS Code is now in public beta. This extension includes rich editing features, such as syntax validation and autocomplete, making workflow authoring and editing faster and easier. Developers will also be able to view workflow runs, inspect logs, and trigger re-runs directly from VS Code.

To get started, visit the VS Code Marketplace or learn more about the extension's capabilities from the Actions VS Code Extension blog post.

See what's next for Actions by visiting our public roadmap.

See more
View all changes