GitHub Community
Is Dependency Graph not available for a repo within an organization with a visibility of Internal? #189922
-
Select Topic AreaQuestion BodyI am trying to enable Dependabot in a .NET Blazor application I'm working on. First, I have to enable Dependency Graph. I went to the link to do that, but first it told me:
I was surprised that a Blazor project/solution doesn't use one of those file types or have the dependencies exposed to Dependency Graph in some other way. Next I went to see more about those file types and I found this page detailing what types of repositories are supported. That links says that dependency graph is available for the following repository types:
But how about repositories in a company's GitHub organization? Most of our have a visibility of Internal, not Public nor Private. Do repos with a visibility of Internal not able to have Dependency Graph applied? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
GitHub’s docs explicitly mention enabling the dependency graph for a “private or internal repository,” so “internal” visibility by itself is not the blocker. For a .NET/Blazor repo, the more likely issue is dependency detection. GitHub’s dependency graph supports NuGet/.NET manifests, and automatic dependency submission has ecosystem-specific support for .NET, so the “No dependencies found” message usually means GitHub is not seeing supported manifests/lock data in a way it can parse yet, rather than internal repos being unsupported. Overall, internal org repos can use Dependency Graph; check whether your Blazor solution is using supported NuGet manifests/lock files or enable automatic dependency submission for the repo |
Beta Was this translation helpful? Give feedback.
-
|
That must be in a different GitHub document, because the GitHub document I linked to did not mention Internal. Thank you for clarifying that for me! I am glad that we can use dependency graph. And I'll look at the NuGet manifests/lock files. |
Beta Was this translation helpful? Give feedback.
GitHub’s docs explicitly mention enabling the dependency graph for a “private or internal repository,” so “internal” visibility by itself is not the blocker. For a .NET/Blazor repo, the more likely issue is dependency detection. GitHub’s dependency graph supports NuGet/.NET manifests, and automatic dependency submission has ecosystem-specific support for .NET, so the “No dependencies found” message usually means GitHub is not seeing supported manifests/lock data in a way it can parse yet, rather than internal repos being unsupported.
Overall, internal org repos can use Dependency Graph; check whether your Blazor solution is using supported NuGet manifests/lock files or enable automatic de…