You can now disable the dependency graph for public repositories. This gives you more control over your repository’s data and security features.

The dependency graph powers features like SBOMs, dependency insights, and Dependabot security alerts. Previously, it was always enabled for public repositories. Now, you can turn it off in Settings > Advanced Security if you don’t need these features.

Over the next few weeks, new public repositories will have the dependency graph disabled by default. We’ll also begin disabling it for inactive repositories, but you can enable it again at any time. Enabling Dependabot or pushing a commit will keep the dependency graph active.

These changes help improve GitHub’s performance and ensure the dependency graph remains relevant for active projects.

Join the Community discussion to share feedback or ask questions.