docs: clarify dependency graph/review enabled/default status by hesreallyhim · Pull Request #44586 · github/docs
Summary of issue: this document/section (https://docs.github.com/en/code-security/concepts/supply-chain-security/about-supply-chain-security#feature-availability) states:
Dependency graph: Enabled by default and cannot be disabled.
Dependency review: Enabled by default and cannot be disabled.
This appears to be stale information, given other references cited in the issue mentioned below, and in particular two GitHub changelog/announcements (https://github.blog/changelog/2025-05-15-users-can-now-disable-dependency-graph-for-public-repositories/) and (https://github.blog/changelog/2025-06-17-dependency-graph-now-defaults-to-off/), the more recent of which states:
Following last month’s change that added the ability to turn off dependency graph, the setting for newly-created public repositories will now default to off.
Why:
Closes: #44585
What's being changed (if available, include any code snippets, screenshots, or gifs):
I'm submitting a change to a single doc that appears to have missed the changes made after the announcements cited above. Rather than correcting individual lines that are now false, I am proposing that the whole section, which is broken into Public, Private, and Any, be condensed, since the distinction between public and private is now significantly reduced. (More citations can be found in the linked issue.)
There is another document which contains this same error, but it is outside of the content directory, so I didn't know if I should touch it:
data/reusables/gated-features/dependency-graph.md:
The dependency graph is available for the following repository types:
* Public repositories (on by default)
* Private repositories
* Forks
I also made a change to a formatting error affecting the "Immutable Releases" item, which had an extra *, creating this visual bug:
Check off the following:
- A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
- The changes in this PR meet the docs fundamentals that are required for all content.
- All CI checks are passing and the changes look good in the review environment.
