Justin Hutchings
Director of Product Management for supply chain security. I manage the team that's behind Dependabot, the Advisory Database, and the dependency graph. Twitter: https://twitter.com/jhutchings0
The dependency graph helps developers and maintainers understand the code they depend on, and now includes GitHub Actions!
The dependency graph helps developers understand the software they depend on. While this has historically focused on traditional open source dependencies in your code from package managers like npm, NuGet, Maven, or RubyGems, millions of repositories are using GitHub Actions, and developers and maintainers can benefit from seeing who depends upon their actions.
Today, we are announcing that the dependency graph now supports GitHub Actions. From any repository which uses Actions, you can now see your Actions workflows listed alongside any other dependencies in the Insights/Dependency Graph experience.
Additionally, you can view a list of repositories that depend on your action under the Dependencies tab, or by looking at the “Used By” count on your repository homepage. This count does not include any private repositories that might use your action. In the event you maintain multiple packages or actions from one repository, you may also want to change the package that’s displayed on the repository home page to highlight the one you are most proud of.
The dependency graph is the foundation of GitHub’s supply chain security capabilities because understanding what you depend on is a crucial first step toward securing your software. You can configure Dependabot version updates to keep your Actions dependencies up to date automatically. Keep an eye on the public roadmap for more information about upcoming supply chain improvements in this area.
Learn more about the dependency graph
Whether you’re hunting for the perfect gift for your significant other, the colleague you drew in the office gift exchange, or maybe (just maybe) even for yourself, we’ve got you covered with our top 10 gifts that any developer would love.
The Gaady Awards are like the Emmy Awards for the field of digital accessibility. And, just like the Emmys, the Gaadys are a reason to celebrate! On November 21, GitHub was honored to roll out the red carpet for the accessibility community at our San Francisco headquarters.
The GitHub Foundations Certification exam fee is now waived for all students verified through GitHub Education.