Skip to content

Secure your software supply chain

Avoid adding new vulnerabilities with dependency review. Your software is more than the code you have written. With up to 94% of active repositories relying on open source*, you rely on many components you didn’t produce, but which you still need to secure.

Discover dependency review beta Contact sales

Know what’s in your environment

Identify your dependencies, dependents, and their properties to understand your software supply chain.

Discover your dependencies using GitHub’s dependency graph, including transitive dependencies.

Manage your dependencies

Get notified when there are new vulnerabilities affecting your dependencies, and keep your dependencies up-to-date and optimized with Dependabot.

Understand the risks from your dependencies, including inherited vulnerabilities and licensing restrictions, and easily see what dependencies have changed in a pull request using dependency review.

Update dependencies for the latest functionality and security patches with automated pull requests from Dependabot.

Keep your dependencies up to date even when there isn’t a new vulnerability, so that you can quickly respond when it’s critical.

Fix and publish vulnerability information

Review, fix and publish issues securely. Contribute and refer to a curated, open-source database of vulnerabilities.

GitHub Advisory Database

Develop a private fix and publish an advisory about a vulnerability in your project, and share your reporting and disclosure policy with the world.

Get involved through GitHub Security Lab

Secure software from the start

Whether you’re contributing to an open source project or choosing new tools for your team, your security needs are covered.