Dependabot-based dependency graphs for Go

Published: 12 hours ago (December 9, 2025 at 10:54 AM EST)

1 min read

Source: GitHub Changelog

Dependabot DGS for Go

Continuing the supply‑chain‑security theme of continually improving our package‑ecosystem support, Go projects will now see more complete and accurate transitive dependency trees in their dependency graphs and Software Bill of Materials (SBOMs).

Dynamic version resolution

Since Go resolves dependency versions dynamically, getting an accurate picture of a project’s dependencies cannot rely on static parsing.

New Dependabot job

When a commit updates a project’s go.mod, GitHub runs a new type of Dependabot job that:

Builds a dependency snapshot.
Uploads the snapshot to the Dependency Submission API.

Benefits

No action‑minute charges – the process does not incur costs for GitHub Actions minutes.
Organization‑wide configuration – the job can access private‑registry settings you’ve configured for Dependabot across the organization.

Learn more

For additional details, see the documentation on Configuring the dependency graph.

Dependabot-based dependency graphs for Go

Dependabot DGS for Go

Dynamic version resolution

New Dependabot job

Benefits

Learn more

Related posts

Track Copilot code generation metrics in a dashboard

Claude Opus 4.5 is now available in Visual Studio, JetBrains IDEs, Xcode, and Eclipse

MCP joins the Linux Foundation: What this means for developers building the next era of AI tools and agents

Speed is nothing without control: How to keep quality high in the AI era