Securing your dependencies
Keep your supply chain secure by understanding and updating dependencies.
Configuring Dependabot alerts
Enable Dependabot alerts to be generated when a new vulnerable dependency is found in one of your repositories.
Configuring Dependabot security updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Configuring Dependabot version updates
You can configure your repository so that Dependabot automatically updates the packages you use.
Keeping your actions up to date with Dependabot
You can use Dependabot to keep the actions you use updated to the latest versions.
Configuring the dependency graph
You can allow users to identify their projects' dependencies by enabling the dependency graph.
Exploring the dependencies of a repository
You can use the dependency graph to see the packages your project depends on and the repositories that depend on it. In addition, you can see any vulnerabilities detected in its dependencies.
Configuring automatic dependency submission for your repository
You can use automatic dependency submission to submit transitive dependency data in your repository. This enables you to analyze these transitive dependencies using the dependency graph.
Using the dependency submission API
You can use the dependency submission API to submit dependencies for projects, such as the dependencies resolved when a project is built or compiled.
Verifying the integrity of a release
You can avoid tampering and accidental changes by ensuring the releases you use have not been modified after publication.