GitHub Action Guide

Installation

Add this workflow file to your repository at .github/workflows/depgraph.yml:

name: Dependency Health Check

on: [pull_request]

jobs:
  depgraph:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: depgraph/action@v1
        with:
          api-key: ${{ secrets.DEPGRAPH_API_KEY }}
          fail-on: critical
          post-comment: true

Add your API key as a repository secret named DEPGRAPH_API_KEY. Get your key at depgraph.vedanshh.dev/settings/api.

Inputs

Input	Required	Default	Description
`api-key`	✅	—	API key from depgraph.vedanshh.dev (Pro/Team plan required)
`fail-on`	❌	`critical`	Threshold for CI failure: `none \| critical \| high \| medium`
`post-comment`	❌	`true`	Post or update a PR comment with the health report

Outputs

Output	Description
`overall-score`	Project health score (0–100)
`critical-count`	Number of critical-risk new dependencies
`high-count`	Number of high-risk new dependencies
`report-url`	Public URL to the full scan report

Advanced Examples

Warning-only mode (no failures)

- uses: depgraph/action@v1
  with:
    api-key: ${{ secrets.DEPGRAPH_API_KEY }}
    fail-on: none
    post-comment: true

Strict mode — fail on any medium+ risk

- uses: depgraph/action@v1
  with:
    api-key: ${{ secrets.DEPGRAPH_API_KEY }}
    fail-on: medium
    post-comment: true