You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on May 4, 2025. It is now read-only.
Being able to see your dependency graph on GitHub in your Insights
tab.
For example you can see this
here
for this plugin.
If enabled, Dependabot can send you
alerts
about security vulnerabilities in your dependencies.
Requirements
Make sure in your repo settings the Dependency Graph feature is enabled as
well as Dependabot Alerts if you'd like them. (Settings -> Code security and
analysis)
Quick Start
The easiest way to use this plugin is with the mill-dependency-submission action. You can add this to a workflow like below:
The general idea is that the plugin works in a few steps:
Gather all the modules in your build
Gather all direct and transitive dependencies of those modules
Create a tree-like structure of these dependencies. We piggy back off
coursier for this and use its DependencyTree functionality.
We map this structure to that of a DependencySnapshot, which is what GitHub understands
We post this data to GitHub.
You can use another available task to see what the
Manifests
look like locally for your project, which are the main part of the
DependencySnapshot.
./mill --import ivy:io.chris-kipp::mill-github-dependency-graph::0.1.0 show io.kipp.mill.github.dependency.graph.Graph/generate
Limitation
You'll notice when using this that a lot of dependencies aren't linked back to
the repositories where they are located, some may be wrongly linked, and much of
the information the plugin is providing (like direct vs indirect) isn't actually
displayed in the UI. Much of this is either bugs or limitations on the GitHub UI
side. You can follow some conversation on this here.
About
A Mill plugin to submit your dependency graph to the GitHub Dependency Graph API
