depGraph

GitHub Action Guide

Automate dependency health checks on every pull request. Fail CI on critical risk before code merges.

Quick Setup

Add this workflow file to your repository at .github/workflows/depgraph.yml:

yaml
name: Dependency Health Check

on: [pull_request]

jobs:
  depgraph:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: depgraph/action@v1
        with:
          api-key: ${{ secrets.DEPGRAPH_API_KEY }}
          fail-on: critical
          post-comment: true

Add your API key as a repository secret named DEPGRAPH_API_KEY. Generate your key at Settings → API Keys.

Inputs

InputRequiredDefaultDescription
api-keyYesAPI key from dashboard (Pro plan required)
fail-onNocriticalnone | critical | high | medium
post-commentNotruePost health report as PR comment

Outputs

OutputDescription
overall-scoreProject health score (0–100)
critical-countNumber of critical-risk new dependencies
high-countNumber of high-risk new dependencies
report-urlPublic URL to the full scan report

Advanced Examples

Warning-only mode (no build failures)

yaml
- uses: depgraph/action@v1
  with:
    api-key: ${{ secrets.DEPGRAPH_API_KEY }}
    fail-on: none
    post-comment: true

Strict mode — fail on any medium+ risk

yaml
- uses: depgraph/action@v1
  with:
    api-key: ${{ secrets.DEPGRAPH_API_KEY }}
    fail-on: medium
    post-comment: true