How can you view a list of all dependencies and their known vulnerabilities for a repository in GitHub Advanced Security?


Multiple Choice

How can you view a list of all dependencies and their known vulnerabilities for a repository in GitHub Advanced Security?

Explanation:
You view all dependencies and their known vulnerabilities in GHAS by combining the Dependency Graph, Dependency Review results in pull requests, and the advisories surfaced in the repository's Security tab. The Dependency Graph lists every dependency the repository uses, parsed from manifest files and lockfiles, so you can see the full surface you depend on. Dependency Review in pull requests analyzes proposed changes to those dependencies, showing how adding, removing, or updating packages changes the dependency set and its risk, including any known vulnerabilities introduced by the change. The Security tab then surfaces the current known vulnerabilities across the repository's dependencies, with affected version ranges, severities, and the first patched version or upgrade path where one exists. Together these give a centralized, continuously updated view of both what you rely on and where the risk sits. A local scanner run outside GitHub lacks this integrated, repository-wide perspective; looking only at code changes ignores the dependency surface; and the Security tab's issues don't provide the same centralized vulnerability view that the advisories do.
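As an added example (not part of the quiz page and not GitHub's own tooling), the script below joins the two views the explanation describes: the Dependency Graph, which GitHub exports as an SPDX SBOM from `GET /repos/{owner}/{repo}/dependency-graph/sbom`, and the Dependabot alerts behind the Security tab from `GET /repos/{owner}/{repo}/dependabot/alerts`. Both JSON documents are constructed here to mirror the field names of those responses; every package name, version and GHSA identifier is a placeholder, not a real advisory. The mapping from purl types (`pypi`, `cargo`, `gem`, ...) to Dependabot ecosystem names (`pip`, `rust`, `rubygems`, ...) is my assumption about where the two APIs disagree on naming, and is the join key most likely to bite in practice.

```python
"""Join a repository's dependency-graph SBOM with its open Dependabot alerts.

Added example. SBOM_JSON and ALERTS_JSON are CONSTRUCTED to mirror the shape of
  GET /repos/{owner}/{repo}/dependency-graph/sbom   (SPDX 2.3 document)
  GET /repos/{owner}/{repo}/dependabot/alerts       (list of alerts)
Names, versions and GHSA ids are placeholders, not real packages or advisories.
"""
import json
from collections import defaultdict
from urllib.parse import unquote

SBOM_JSON = """{"sbom": {"spdxVersion": "SPDX-2.3", "name": "com.github.example-org/example-repo",
 "packages": [
  {"SPDXID": "SPDXRef-DOCUMENT", "name": "com.github.example-org/example-repo", "versionInfo": "main", "externalRefs": []},
  {"SPDXID": "SPDXRef-npm-example-lib", "name": "npm:example-lib", "versionInfo": "1.2.3",
   "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:npm/example-lib@1.2.3"}]},
  {"SPDXID": "SPDXRef-npm-acme-widget", "name": "npm:@acme/widget", "versionInfo": "2.0.0",
   "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:npm/%40acme/widget@2.0.0"}]},
  {"SPDXID": "SPDXRef-pypi-example-http", "name": "pip:example-http", "versionInfo": "0.9.0",
   "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:pypi/example-http@0.9.0"}]}
 ]}}"""

ALERTS_JSON = """[
 {"number": 1, "state": "open", "dependency": {"package": {"ecosystem": "npm", "name": "example-lib"}, "manifest_path": "package-lock.json"},
  "security_advisory": {"ghsa_id": "GHSA-placeholder-0001", "summary": "constructed: prototype pollution", "severity": "high"},
  "security_vulnerability": {"severity": "high", "vulnerable_version_range": "< 1.2.4", "first_patched_version": {"identifier": "1.2.4"}}},
 {"number": 2, "state": "open", "dependency": {"package": {"ecosystem": "npm", "name": "example-lib"}, "manifest_path": "package-lock.json"},
  "security_advisory": {"ghsa_id": "GHSA-placeholder-0002", "summary": "constructed: ReDoS", "severity": "medium"},
  "security_vulnerability": {"severity": "medium", "vulnerable_version_range": ">= 1.0.0, < 1.3.0", "first_patched_version": {"identifier": "1.3.0"}}},
 {"number": 3, "state": "fixed", "dependency": {"package": {"ecosystem": "npm", "name": "@acme/widget"}, "manifest_path": "package-lock.json"},
  "security_advisory": {"ghsa_id": "GHSA-placeholder-0003", "summary": "constructed: already remediated", "severity": "low"},
  "security_vulnerability": {"severity": "low", "vulnerable_version_range": "< 2.0.0", "first_patched_version": {"identifier": "2.0.0"}}},
 {"number": 4, "state": "open", "dependency": {"package": {"ecosystem": "pip", "name": "example-http"}, "manifest_path": "requirements.txt"},
  "security_advisory": {"ghsa_id": "GHSA-placeholder-0004", "summary": "constructed: no fix released", "severity": "critical"},
  "security_vulnerability": {"severity": "critical", "vulnerable_version_range": "<= 0.9.0", "first_patched_version": null}}
]"""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
# Assumption: purl types in the SBOM vs. ecosystem names in Dependabot alerts differ for these.
PURL_TYPE_TO_ECOSYSTEM = {"pypi": "pip", "cargo": "rust", "gem": "rubygems",
                          "golang": "go", "githubactions": "github_actions"}


def parse_purl(purl):
    """Split 'pkg:type/name@version' into (dependabot_ecosystem, name, version)."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    body = purl[len("pkg:"):].split("?", 1)[0].split("#", 1)[0]  # drop qualifiers/subpath
    ptype, _, rest = body.partition("/")
    name_part, version = rest.rsplit("@", 1) if "@" in rest else (rest, None)
    # Scoped npm names arrive percent-encoded: %40acme/widget -> @acme/widget
    return PURL_TYPE_TO_ECOSYSTEM.get(ptype, ptype), unquote(name_part), version


def version_key(v):
    """Sort key for dotted versions; non-numeric parts fall back to string order."""
    return [(0, int(p)) if p.isdigit() else (1, p) for p in v.split(".")]


def sbom_packages(sbom_doc):
    """{(ecosystem, name): version} for every SBOM package that carries a purl (the repo itself has none)."""
    found = {}
    for pkg in sbom_doc["sbom"]["packages"]:
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                eco, name, version = parse_purl(ref["referenceLocator"])
                found[(eco, name)] = version or pkg.get("versionInfo")
    return found


def open_alerts(alerts):
    """Group alerts by (ecosystem, name), keeping only state == 'open' (fixed/dismissed are history)."""
    grouped = defaultdict(list)
    for alert in alerts:
        if alert.get("state") == "open":
            pkg = alert["dependency"]["package"]
            grouped[(pkg["ecosystem"], pkg["name"])].append(alert)
    return grouped


def build_report(sbom_doc, alerts):
    """One row per SBOM package: version, open alert count, worst severity, and a single fix version.

    fix_version is the highest first_patched_version across the package's open alerts, or None
    when the package has no alerts or when at least one alert has no patched release yet.
    """
    grouped = open_alerts(alerts)
    rows = []
    for (eco, name), version in sorted(sbom_packages(sbom_doc).items()):
        hits = grouped.get((eco, name), [])
        vulns = [h["security_vulnerability"] for h in hits]
        fixes = [v["first_patched_version"]["identifier"] for v in vulns if v.get("first_patched_version")]
        rows.append({
            "package": f"{eco}:{name}",
            "version": version,
            "open_alerts": len(hits),
            "worst_severity": max((v["severity"] for v in vulns),
                                  key=lambda s: SEVERITY_RANK.get(s, 0), default=None),
            "fix_version": max(fixes, key=version_key) if hits and len(fixes) == len(hits) else None,
            "ghsa_ids": [h["security_advisory"]["ghsa_id"] for h in hits],
        })
    return rows


def demo():
    """Run the join over the constructed documents above."""
    return build_report(json.loads(SBOM_JSON), json.loads(ALERTS_JSON))


if __name__ == "__main__":
    for row in demo():
        print(f"{row['package']:<22} {row['version']:<8} open={row['open_alerts']} "
              f"worst={row['worst_severity']} fix={row['fix_version']} {row['ghsa_ids']}")
```

Against a real repository, fetch the two inputs with `gh api repos/OWNER/REPO/dependency-graph/sbom` and `gh api --paginate repos/OWNER/REPO/dependabot/alerts` (the alerts endpoint is paginated and, by default, includes every state, which is why the script filters on `state == "open"`). Both require the Dependency Graph to be enabled on the repository, and a package that appears in the alerts but not in the SBOM join usually points at an ecosystem-name mismatch rather than a missing dependency.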
