actions/component-detection-dependency-submission-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Clean up readme

Browse Source
This commit is contained in:
Justin Hutchings
2023-01-22 01:08:40 +00:00
parent bf471390ec
commit 428b2ee694
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@@ -1,13 +1,12 @@
# Conda dependency submission action
This repository scans Conda environment.yaml files and uploads the results to the dependency graph. While GitHub does not support alerting on OS-level dependencies, it will alert on any PyPI dependencies that are defined in the environment.yaml.
# Component detection action
This GitHub Action runs the [microsoft/component-detection](https://github.com/microsoft/component-detection) library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.
### Example workflow
```yaml
name: Conda dependency submission
name: Component Detection
on:
workflow_dispatch:
@@ -23,5 +22,5 @@ jobs:
steps:
- uses: actions/checkout@v3
- name: Conda dependency scanning
uses: jhutchings1/conda-dependency-submission-action@v0.0.2
uses: jhutchings1/component-detection-action@v0.0.1
```