Justin Hutchings
Director of Product Management for supply chain security. I manage the team that's behind Dependabot, the Advisory Database, and the dependency graph. Twitter: https://twitter.com/jhutchings0
The dependency graph helps developers and maintainers understand the code they depend on, and now includes GitHub Actions!
The dependency graph helps developers understand the software they depend on. While this has historically focused on traditional open source dependencies in your code from package managers like npm, NuGet, Maven, or RubyGems, millions of repositories are using GitHub Actions, and developers and maintainers can benefit from seeing who depends upon their actions.
Today, we are announcing that the dependency graph now supports GitHub Actions. From any repository which uses Actions, you can now see your Actions workflows listed alongside any other dependencies in the Insights/Dependency Graph experience.
Additionally, you can view a list of repositories that depend on your action under the Dependencies tab, or by looking at the “Used By” count on your repository homepage. This count does not include any private repositories that might use your action. In the event you maintain multiple packages or actions from one repository, you may also want to change the package that’s displayed on the repository home page to highlight the one you are most proud of.
The dependency graph is the foundation of GitHub’s supply chain security capabilities because understanding what you depend on is a crucial first step toward securing your software. You can configure Dependabot version updates to keep your Actions dependencies up to date automatically. Keep an eye on the public roadmap for more information about upcoming supply chain improvements in this area.
Learn more about the dependency graph
See what’s happening at Universe 2025, from experimental dev tools and career coaching to community-powered spaces. Save $400 on your pass with Early Bird pricing.
Delegate coding tasks to Copilot and track progress wherever you are on GitHub. Copilot works in the background, creates a pull request, and tags you for review when finished.
Discover the latest trends and insights on public software development activity on GitHub with the quarterly release of data for the Innovation Graph, updated through March 2025.