Dependency auto-submission now supports Python

Automatic dependency submission now supports the pip package manager for Python. This release completes the cohort of package managers that now have auto-submission support, adding to the previously-released Maven, Gradle, and .NET ecosystems. Dependency auto-submission uploads a snapshot of a repository’s dependencies to the dependency graph submission API. The dependency graph then can see the full, transitive dependency tree of the project, which is useful for generating SBOMs, dependency insights, and Dependabot security alerts.

In order to use this feature, you must first enable the dependency graph in your repository’s settings: under Advanced Security, enable Automatic Dependency Submission. Your repository must also have GitHub Actions enabled. Note that turning on this feature will incur actions usage. For more information, see Configuring automatic dependency submission.

JUN.9Release
Dependabot version updates now support the Deno ecosystem
- Supply Chain Security
JUN.9Retired
Upcoming breaking changes for npm v12
- Supply Chain Security
MAY.26Release
Dependabot version updates now support the sbt ecosystem
- Supply Chain Security
MAY.22Release
Staged publishing and new install-time controls for npm
- Supply Chain Security
MAY.19Retired
Upcoming deprecation of Python 3.9 for Dependabot
- Supply Chain Security
MAY.12Retired
Synchronous SBOM API deprecated
- Supply Chain Security
MAY.11Improvement
Cross-org Dependabot access for internal repositories
- Supply Chain Security
MAY.6Release
Search and filter bar for repository security advisories
- Supply Chain Security
MAY.5Release
Dependency scanning with GitHub MCP Server is in public preview
- Supply Chain Security

Dependency auto-submission now supports Python

Related Posts

Subscribe to our developer newsletter