Dependency Graph

The dependency graph provides an interactive 3D visualization of your project’s dependency tree, making it easy to spot vulnerable packages and understand how they flow into your project.

3D Interactive Graph

Navigate to Dashboard → SCA → Graph to open the visualization. The graph renders all direct and transitive dependencies as an interactive 3D network.

Controls

  • Rotate — Click and drag to rotate the graph
  • Zoom — Scroll to zoom in and out
  • Select — Click any node to view package details (name, version, vulnerabilities, license)

Color Coding

Nodes are colored by their highest-severity issue:

Color  | Meaning
Red    | Package has critical vulnerabilities
Orange | Package has high-severity vulnerabilities
Yellow | Package has medium-severity vulnerabilities
Purple | Package has license compliance issues
Green  | Package is healthy — no known issues

Direct vs Transitive Dependencies

  • Direct dependencies appear as larger nodes connected directly to your project root
  • Transitive dependencies are smaller nodes further from the root — these are pulled in by your direct dependencies

Understanding this distinction matters because a vulnerable transitive dependency may be fixable by upgrading the direct dependency that requires it.

Dependency Tree View

For a structured alternative to the 3D graph, switch to the Tree tab:

  1. Navigate to Dashboard → SCA → Tree
  2. Expand any package to see its sub-dependencies
  3. Use the search bar to locate a specific package by name
  4. Vulnerability badges appear next to affected packages

Interpreting the Graph for Security Decisions

  1. Look for red clusters — A cluster of red nodes indicates a dependency chain with multiple vulnerabilities
  2. Check transitive depth — Deeply nested vulnerable packages are harder to fix directly
  3. Identify shared dependencies — A single vulnerable package pulled in by multiple direct dependencies may require coordinated upgrades
  4. Prioritize direct dependencies — Upgrading a direct dependency often resolves transitive vulnerabilities automatically
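
The reasoning in the list above (transitive depth, shared dependencies, which direct dependency to upgrade) expressed as code over a small dependency map. This is an added example, not code from the product or its documentation; the graph, package names and findings are constructed, and the function names are hypothetical.

```python
from collections import deque

# Constructed sample graph: package -> packages it depends on.
# "app" is the project root; its children are the direct dependencies.
GRAPH = {
    "app": ["web-framework", "http-client", "logger"],
    "web-framework": ["template-engine", "yaml-parser"],
    "http-client": ["tls-lib", "yaml-parser"],
    "template-engine": ["string-utils"],
    "logger": [], "yaml-parser": [], "tls-lib": [], "string-utils": [],
}
# Constructed findings: package -> highest severity reported for it.
FINDINGS = {"yaml-parser": "critical", "string-utils": "medium"}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}


def reachable_depths(graph, start):
    """BFS from start; returns {package: shortest depth below start}."""
    depths, queue = {start: 0}, deque([start])
    while queue:
        node = queue.popleft()
        for dep in graph.get(node, []):
            if dep not in depths:          # also guards against cycles
                depths[dep] = depths[node] + 1
                queue.append(dep)
    return depths


def triage(graph, root, findings):
    """For each vulnerable package: depth from root and the direct
    dependencies that pull it in (more than one = coordinated upgrade)."""
    from_root = reachable_depths(graph, root)
    report = []
    for pkg, severity in findings.items():
        if pkg not in from_root:
            continue                       # not reachable from this project
        via = sorted(d for d in graph[root]
                     if pkg in reachable_depths(graph, d))
        report.append({"package": pkg, "severity": severity,
                       "depth": from_root[pkg], "direct": pkg in graph[root],
                       "introduced_by": via})
    report.sort(key=lambda r: (SEVERITY_RANK.get(r["severity"], 99), r["depth"]))
    return report


if __name__ == "__main__":
    for row in triage(GRAPH, "app", FINDINGS):
        print(row)
```

In the sample data, `yaml-parser` is introduced by two direct dependencies, so both need an upgrade before the vulnerable version leaves the tree, while `string-utils` sits three levels deep behind a single direct dependency.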