Which GitHub Advanced Security feature helps identify all dependencies used by a repository, including transitive dependencies?

The Dependency Graph is the feature that identifies every dependency your repository uses, including transitive ones pulled in by other dependencies. It builds a complete map from package manifests and lockfiles across languages, showing both direct dependencies and the dependencies those depend on. This comprehensive visibility is exactly what you need when you want to know all dependencies involved, not just the ones you list directly. Code Scanning analyzes the codebase for security flaws, not for listing dependencies. Dependabot Alerts surface vulnerabilities found in dependencies, but they rely on the graph to know what to check; they’re alerts, not the enumeration itself. Security tab advisories are separate notices about known issues and don’t provide a full dependency inventory. So the Dependency Graph is the right choice.