# Investigate Dependencies in the Application Dependency Tree **Dependency Tree Dashboard** The Dependency Tree dashboard provides a detailed view of your open-source dependencies and their vulnerabilities. It maps the full application dependency tree, allowing you to: * View details about each dependency, including its version and usage * See which repositories are using a specific dependency * Understand how a repository uses a dependency and its impact on problem severity level **Direct and Indirect Dependencies** LFX Security identifies vulnerabilities in both direct and indirect dependencies. * **Direct Dependencies**: Packages included in your repository. * **Deep (Indirect) Dependencies**: Packages used by your direct dependencies, which can introduce vulnerabilities. **Example:** * Your application uses package A. * Package A uses package B. * If package B is vulnerable, your project is vulnerable due to its indirect dependency on package B. **Understanding Your Dependency Tree** As an open-source developer, it's essential to understand your project's direct and indirect dependencies, including any security flaws that may exist in the dependency tree. LFX Security helps you: * Identify all paths through the dependency tree where a vulnerable dependency can be reached * Determine the vulnerability and its impact on your project ## All Dependencies To view all dependencies, perform the following: 1. Select **Dependency Tree** from the top menu and click **All Dependencies**. A snapshot of repository dependencies in tree format is shown below. The tree is ordered by the number of dependencies, from most to least. Each item can have multiple sub-items. The first three levels are shown by default ![All Dependencies](/files/8xnHyHdjYcKVxxzhaEHd) 2. You can select a **repository** from the Repository drop-down list or select using a **Manifest** file from the Manifest drop-down list. Only dependencies for the selected repository or manifest file for the selected project appear. ![Repository or Manifest File](/files/nyUWkLJkzQKl6Pgj8TqO) {% hint style="info" %} Click the download ![](/files/-MfH9zOD9lj8XMylt_2e) icon to download the dependency CSV file. {% endhint %} 3. Navigate the tree to identify vulnerable dependencies in the repository. The issues are categorized into different Manifest files. The Manifest file lists the node-level and child-level dependences. ![Categorization of Issues](/files/g66aFXplcoFbSQFEzr2g) Each repository shows you the number of issues in the repository along with the criticality of the issue. Each criticality is defined with a different color. ![Color Code Categorization of Issues](/files/fFRyHtvNNYIOX9eOsdrU) A View button is available at the deeper level to go ahead and check the issue details. The color of the button will also indicate the criticality of the issue. ![View Button](/files/QMkq9u1qhi8T2LzZpFYg) An icon ![](/files/zhUmgcNysmvD845J0kRz) is also available which suggests that there are issues still available further in the child level dependencies. ![Issues](/files/E0deKMFsAESBllQrLZSh) 4. Click a **license** of interest to go to SPDX and find out more information about a license. The SPDX License includes a full name, standardized short identifier, vetted license text, and other information about the license. ![License Details](/files/Yr2oagXlyzg8qFkeFc07) ## Vulnerability Details You can also check the vulnerability details only for a particular repository. To check the vulnerability details only, perform the following steps: 1. Click **Dependency Tree** and select **Vulnerabilities Only**. ![Vulnerabilities Only](/files/t5iHLR0nB6UWX8Bwovbn) {% hint style="info" %} Click the download ![](/files/-MfH9zOD9lj8XMylt_2e) icon to download the vulnerabilities CSV file. {% endhint %} 2\. List of vulnerabilities related for a particular repositories or Manifest file are listed. The rest of the details related to issues is similar to what is explained under All Dependencies Section. ![Issues](/files/BeA19FQJpL7cD06eT6TW) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.linuxfoundation.org/lfx/security/investigate-dependencies-in-the-application-dependency-tree.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.