Creating a more comprehensive dependency graph with build time detection
Blog post from GitHub
GitHub has introduced a new API to enhance its dependency graph, which until now relied on static scans of manifest files to identify project dependencies and alert users to vulnerabilities. The API lets users upload dependency information directly from their build tools, so build-time detection can be combined with static scanning for a more comprehensive view. This is especially valuable for package managers such as Gradle and sbt, where the full dependency set is only resolved at build time and a manifest scan alone misses transitive dependencies. Alongside the API, which is currently in beta, GitHub provides a GitHub Action for Go that detects transitive dependencies, and users can write custom actions or submit dependencies directly to produce a more accurate and complete dependency graph. GitHub is actively seeking user feedback to improve the functionality further and plans to add features such as viewing submission metadata, accessing historical submissions, and feeding this data into scenarios like dependency review.
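As an added illustration (not code from GitHub's post or its Go action), the function below turns a resolved dependency list from a build tool into a snapshot payload of the kind the submission API accepts, checking that every package URL is well-formed and that every dependency edge points at a package present in the manifest. The field layout follows the public Dependency submission API snapshot schema as I understand it; the detector name, job values, commit SHA and the Gradle dependency list are constructed placeholders.

```python
import json
import re
from datetime import datetime, timezone

# Loose shape check for a package URL: pkg:<type>/<name>[@<version>]; not a full purl parser.
PURL_RE = re.compile(r"^pkg:[a-z0-9.+-]+/[^@\s]+(@[^\s]+)?$")

# Constructed sample: what a Gradle build might resolve for one module (not real artifacts).
SAMPLE_DEPS = [
    {"purl": "pkg:maven/com.example/app-lib@1.2.0", "direct": True,
     "requires": ["pkg:maven/org.example/transitive@3.0.1"]},
    {"purl": "pkg:maven/org.example/transitive@3.0.1", "direct": False, "requires": []},
]

def build_snapshot(sha, ref, manifest_file, deps, job_id, correlator,
                   detector=("example-build-plugin", "0.1.0", "https://example.invalid")):
    """Build a dependency-graph snapshot (schema version 0) from build-time resolution.

    deps: list of {"purl": str, "direct": bool, "requires": [purl, ...], "scope": str?}.
    Raises ValueError on a malformed purl or an edge to a package missing from the manifest,
    so an inconsistent graph is rejected before anything is submitted.
    """
    resolved = {}
    for d in deps:
        purl = d["purl"]
        if not PURL_RE.match(purl):
            raise ValueError(f"not a package URL: {purl}")
        resolved[purl] = {
            "package_url": purl,
            "relationship": "direct" if d["direct"] else "indirect",
            "scope": d.get("scope", "runtime"),
            "dependencies": list(d.get("requires", [])),
        }
    for entry in resolved.values():
        for child in entry["dependencies"]:
            if child not in resolved:
                raise ValueError(f"{entry['package_url']} depends on unlisted {child}")
    return {
        "version": 0,
        "sha": sha,
        "ref": ref,
        "job": {"id": job_id, "correlator": correlator},
        "detector": {"name": detector[0], "version": detector[1], "url": detector[2]},
        "scanned": datetime.now(timezone.utc).isoformat(),
        "manifests": {manifest_file: {"name": manifest_file,
                                      "file": {"source_location": manifest_file},
                                      "resolved": resolved}},
    }

if __name__ == "__main__":
    # Placeholder SHA and ref; the real values come from the CI run that resolved the build.
    snap = build_snapshot("a" * 40, "refs/heads/main", "build.gradle", SAMPLE_DEPS, "42", "gradle-build")
    print(json.dumps(snap, indent=2))  # body for POST /repos/{owner}/{repo}/dependency-graph/snapshots
```

The `correlator` is what lets repeated submissions from the same workflow replace one another instead of accumulating, so keep it stable per build job.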