GitHub Launches New Dependency Graph Feature with Security Alerts Coming Soon

GitHub announced a new Dependency Graph feature at the Github Universe conference yesterday. It lists all the dependencies for a repository and will soon identify known vulnerabilities. The graph can be accessed under the Insights tab and currently supports Ruby and JavaScript dependencies with Python coming soon.
Public repositories display the graph by default and private repository owners also have the option to enable it. Below is a screenshot of Gutenberg’s dependency graph:

GitHub plans to extend dependency graphs to show security alerts when one of the dependencies is using a version that is publicly known to be vulnerable to a security issue....

Read the full content here