Secure your supply chain, understand dependencies in your environment, know about vulnerabilities in those dependencies and patch them.
GitHub helps you secure your supply chain, from understanding the dependencies in your environment, to knowing about vulnerabilities in those dependencies and patching them.
- Who this is for: Developers, DevOps Engineers, Site Reliability Engineers, Security experts
- What you'll learn: How to view repository dependencies, view Dependabot alerts, and enable Dependabot security and version updates
- What you'll build: Repository dependencies, Dependabot alerts, pull requests to fix dependencies and version updates
- Prerequisites: None
- Timing: This exercise can be completed in under an hour
In this exercise, you will explore:
- Dependency graph
- Dependency alerts
- Dependency security updates
- Dependency versions updates
Simply copy the exercise to your account, then give your favorite Octocat (Mona) about 20 seconds to prepare the first lesson, then refresh the page.
Having trouble? 🤷
When copying the exercise, we recommend the following settings:
-
For owner, choose your personal account or an organization to host the repository.
-
We recommend creating a public repository, since private repositories will use Actions minutes.
If the exercise isn't ready in 20 seconds, please check the Actions tab.
-
Check to see if a job is running. Sometimes it simply takes a bit longer.
-
If the page shows a failed job, please submit an issue. Nice, you found a bug! 🐛
© 2025 GitHub • Code of Conduct • MIT License
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
