Users can now disable dependency graph for public repositories

You can now disable the dependency graph for public repositories. This gives you more control over your repository’s data and security features.

The dependency graph powers features like SBOMs, dependency insights, and Dependabot security alerts. Previously, it was always enabled for public repositories. Now, you can turn it off in Settings > Advanced Security if you don’t need these features.

Over the next few weeks, new public repositories will have the dependency graph disabled by default. We’ll also begin disabling it for inactive repositories, but you can always enable it at any time. Enabling Dependabot or pushing a commit will keep the dependency graph active.

These changes help improve GitHub’s performance and ensure the dependency graph remains relevant for active projects.

Join the Community discussion to share feedback or ask questions.

JUN.9Release
Dependabot version updates now support the Deno ecosystem
- Supply Chain Security
JUN.9Retired
Upcoming breaking changes for npm v12
- Supply Chain Security
MAY.26Release
Dependabot version updates now support the sbt ecosystem
- Supply Chain Security
MAY.22Release
Staged publishing and new install-time controls for npm
- Supply Chain Security
MAY.19Retired
Upcoming deprecation of Python 3.9 for Dependabot
- Supply Chain Security
MAY.12Retired
Synchronous SBOM API deprecated
- Supply Chain Security
MAY.11Improvement
Cross-org Dependabot access for internal repositories
- Supply Chain Security
MAY.6Release
Search and filter bar for repository security advisories
- Supply Chain Security
MAY.5Release
Dependency scanning with GitHub MCP Server is in public preview
- Supply Chain Security

Users can now disable dependency graph for public repositories

Related Posts

Subscribe to our developer newsletter