Document dependency graph and Dependency Insights limitations on GHE.com (#61912)

corycalahan · mchammer01 · web-flow · commit 8ad3178fe250 · 2026-06-26T21:04:28.000Z
Co-authored-by: mc &lt;42146119+mchammer01@users.noreply.github.com&gt;
diff --git a/content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md b/content/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency.md
@@ -22,6 +22,8 @@ The following features are currently unavailable on {% data variables.enterprise
 
 | Feature | Details | More information |
 | :- | :- | :- |
+| Dependency insights | Organization-level and enterprise-level dependency insights are unavailable and display no data. | [AUTOTITLE](/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization) |
+| License and package metadata in the dependency graph | License and package details are not currently populated in the dependency graph. This can result in empty license fields in software bill of materials (SBOM) exports and missing license information from the {% data variables.dependency-review.action_name %}. | [AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/export-dependencies-as-sbom)<br>[AUTOTITLE](/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-dependency-review-action) |
 | macOS runners for {% data variables.product.prodname_actions %} | Currently unavailable. | [AUTOTITLE](/actions/using-github-hosted-runners/about-github-hosted-runners/about-github-hosted-runners) |
 | Maven and Gradle support for {% data variables.product.prodname_registry %} | Currently unavailable. | [AUTOTITLE](/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry) |
 | {% data variables.product.prodname_marketplace %} | {% data variables.product.prodname_marketplace %}, as a means of searching for, purchasing, and directly installing apps and actions, is unavailable. Ecosystem apps and actions can still be discovered and installed from their source, but they may require modification to work on {% data variables.enterprise.data_residency_site %}. | [{% data variables.product.prodname_actions %} workflows from {% data variables.product.prodname_marketplace %}](#github-actions-workflows-from-github-marketplace) |
diff --git a/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/export-dependencies-as-sbom.md b/content/code-security/how-tos/secure-your-supply-chain/establish-provenance-and-integrity/export-dependencies-as-sbom.md
@@ -19,6 +19,13 @@ You can export the current state of the dependency graph for your repository as
 
 SBOMs include an inventory of a project's dependencies and associated information such as {% ifversion ghes %}versions and package identifiers{% else %}versions, package identifiers, licenses, transitive paths, and copyright information{% endif %}. SBOMs do not include dependents (other projects that rely on your project).
 
+{% ifversion ghec %}
+
+> [!NOTE]
+> {% data reusables.data-residency.dependency-graph-data-availability %}
+
+{% endif %}
+
 ## Exporting a software bill of materials for your repository from the UI
 
 {% data reusables.repositories.navigate-to-repo %}
diff --git a/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-dependency-review-action.md b/content/code-security/how-tos/secure-your-supply-chain/manage-your-dependency-security/configure-dependency-review-action.md
@@ -18,6 +18,13 @@ category:
 
 The "{% data variables.dependency-review.action_name %}" refers to the specific action that can report on differences in a pull request within the {% data variables.product.prodname_actions %} context. It can also add enforcement mechanisms to the {% data variables.product.prodname_actions %} workflow. For more information, see [AUTOTITLE](/code-security/concepts/supply-chain-security/about-dependency-review#about-the-dependency-review-action).
 
+{% ifversion ghec %}
+
+> [!NOTE]
+> {% data reusables.data-residency.dependency-graph-data-availability %}
+
+{% endif %}
+
 For a list of common configuration options, see [Dependency review](https://github.com/marketplace/actions/dependency-review#configuration-options) on the {% data variables.product.prodname_marketplace %}.
  
 ## Configuring the {% data variables.dependency-review.action_name %}
diff --git a/content/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization.md b/content/organizations/collaborating-with-groups-in-organizations/viewing-insights-for-dependencies-in-your-organization.md
@@ -15,6 +15,8 @@ category:
 
 > [!NOTE]
 > To view organization dependency insights, your organization must use {% data variables.product.prodname_ghe_cloud %}. {% data reusables.enterprise.link-to-ghec-trial %}
+>
+> {% data reusables.data-residency.dependency-graph-data-availability %}
 
 ## Viewing organization dependency insights
 
diff --git a/data/reusables/data-residency/dependency-graph-data-availability.md b/data/reusables/data-residency/dependency-graph-data-availability.md
@@ -0,0 +1,2 @@
+On {% data variables.enterprise.data_residency_site %}, dependency insights and license and package metadata in the dependency graph are not currently available. The dependency graph itself remains available at the repository level. See [AUTOTITLE](/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency#currently-unavailable-features).
+

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+On {% data variables.enterprise.data_residency_site %}, dependency insights and license and package metadata in the dependency graph are not currently available. The dependency graph itself remains available at the repository level. See [AUTOTITLE](/admin/data-residency/feature-overview-for-github-enterprise-cloud-with-data-residency#currently-unavailable-features).`
	`2`	`+`