Hello Apache Arrow project,
The Microsoft C++ team has been working with our partners at GitHub to improve the C and C++ user experience on their platform. As a part of that effort, we have added vcpkg support for the GitHub dependency graph feature. We are looking for feedback from GitHub repositories, like apache/arrow, that are using vcpkg so we can identify improvements to this new feature. Enabling this feature for your repositories brings a number of benefits, now and in the future: * Visibility - Users can easily see which packages you depend on and their versions. This includes transitive dependencies not listed in your vcpkg.json manifest file. * Compliance - Generate an SBOM from GitHub that includes C and C++ dependencies as well as other supported ecosystems. * Networking - A fully functional dependency graph allows you to not only see your dependencies, but also other GitHub projects that depend on you, letting you get an idea of how many people depend on your efforts. We want to hear from you if we should prioritize enabling this. * Security - The intention is to enable GitHub's secure supply chain features<https://docs.github.com/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security>. Those features are not available yet, but when they are, you'll already be ready to use them on day one. What's Involved? If you decide to help us out, here's how that would look: * Enable the integration following our documentation. See GitHub integrations - The GitHub dependency graph<https://aka.ms/vcpkg-dependency-graph> more information. * Send us a follow-up email letting us know if the documentation worked and was clear, and what missing functionality is most important to you. * If you have problem enabling the integration, we'll work directly with you to resolve your issue. * We will schedule a brief follow-up call (15-20) with you after the feature is enabled to discuss your feedback. * When we make improvements, we'd like you to try them out to let us know if we are solving the important problems. * Eventually, we'd like to get a "thumbs up" or "thumbs down" on whether or not you think the feature is complete enough to no longer be an experiment. * We'll credit you for your help when we make the move out of experimental and blog about the transition to fully supported. If you are interested in collaborating with us, let us know by replying to this email. Thanks, Michael Price Product Manager, Microsoft C++ Team
