Dependency Graph should be displayed as a dependency tree #118753
Unanswered
liaodaniel asked this question in Code Security
Select Topic Area
Product Feedback
Body
The dependency graph provides a simplistic view of how to view dependencies within your repository. To help users resolve vulnerabilities in transitive dependencies, it would be beneficial if we can instead display the dependency graph more like a dependency tree, i.e. show the relationship between dependencies.
Today, we have dependency snapshot submission + dependency review to report on vulnerability findings to handle the scenario of reviewing dependencies prior to merge. However, should a pull request be merged, users are left with numerous Dependabot alerts raised that have no correlation back to the direct dependency. This forces users to rely on various tools to analyse the dependency tree and figure out which direct dependency they needed to remediate.
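The correlation the post asks for, sketched as an added example that is not part of the original post and is not GitHub's code: given a resolved dependency graph, walk upward from the package named in an alert to the direct dependencies that pull it in. The graph, the package names and the function names are constructed for illustration.

```python
from collections import deque

# Constructed sample data: a resolved dependency graph (package -> packages it requires).
# All package names are hypothetical.
GRAPH = {
    "my-app": ["web-framework", "http-client", "test-runner"],
    "web-framework": ["template-engine", "yaml-parser"],
    "http-client": ["url-utils", "yaml-parser"],
    "template-engine": ["string-escape"],
    "yaml-parser": ["string-escape"],
    "url-utils": ["http-client"],  # cycle, to show the traversal still terminates
    "test-runner": [],
    "string-escape": [],
}


def paths_to_direct(graph, root, vulnerable):
    """Map each direct dependency of `root` that pulls in `vulnerable`
    to the shortest chain from that direct dependency down to the package."""
    # Invert the edges so we can walk upward from the vulnerable package.
    parents = {}
    for pkg, deps in graph.items():
        for dep in deps:
            parents.setdefault(dep, set()).add(pkg)
    direct = set(graph.get(root, []))
    # Breadth-first search upward: the first visit to a package yields its
    # shortest chain, and the `chain` lookup doubles as the visited set.
    chain = {vulnerable: [vulnerable]}
    queue = deque([vulnerable])
    while queue:
        pkg = queue.popleft()
        for parent in sorted(parents.get(pkg, ())):
            if parent != root and parent not in chain:
                chain[parent] = [parent] + chain[pkg]
                queue.append(parent)
    return {d: chain[d] for d in sorted(direct) if d in chain}


def render(result):
    """One line per direct dependency, e.g. 'a > b > c'."""
    return [" > ".join(path) for path in result.values()]


if __name__ == "__main__":
    for line in render(paths_to_direct(GRAPH, "my-app", "string-escape")):
        print(line)
```

Each returned key is a direct dependency whose upgrade or replacement could remove the alerted package; direct dependencies that never reach it (here `test-runner`) are absent from the result.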