Add snapshot correlator action input

This commit is contained in:
gitulisca
2025-04-03 05:21:10 +00:00
parent 58dce73160
commit fb88c2d3ea
7 changed files with 16 additions and 5 deletions

.gitignore vendored

@@ -67,4 +67,7 @@ typings/
.next
# Output from scanning
output.json
output.json
# Component Detection binary downloaded by tests
component-detection


@@ -34,6 +34,7 @@ directoryExclusionList | Filters out specific directories following a minimatch
detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | `Pip=EnableIfDefaultOff`
dockerImagesToScan |Comma separated list of docker image names or hashes to execute container scanning on | ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab |
detectorsFilter | A comma separated list with the identifiers of the specific detectors to be used. | `Pip, RustCrateDetector`
correlator | An optional identifier to distinguish between multiple dependency snapshots of the same type. Defaults to the [job_id](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_id) of the current job | `csharp-backend`
For more information: https://github.com/microsoft/component-detection


@@ -21,6 +21,10 @@ inputs:
detectorsFilter:
description: 'A comma separated list with the identifiers of the specific detectors to be used. This is meant to be used for testing purposes only.'
required: false
correlator:
description: 'An optional identifier to distinguish between multiple dependency snapshots of the same type.'
type: string
required: false
runs:
using: 'node16'
main: 'dist/index.js'
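Review bot: The new `correlator` input carries `type: string`, which the sibling inputs in this block do not use and which, as far as I know, is not part of the action-metadata input schema (`description`, `required`, `default`, `deprecationMessage`); if that holds, the key is silently ignored and should be dropped for consistency. The description also omits the fallback that the README for this commit documents, so the two will drift; I would align them with `description: 'An optional identifier to distinguish between multiple dependency snapshots of the same type. Defaults to the job id of the current job.'`. The `inputs:` mapping starts above this hunk.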


@@ -10,7 +10,7 @@ test("Runs CLI", async () => {
await ComponentDetection.downloadLatestRelease();
await ComponentDetection.runComponentDetection("./test");
expect(fs.existsSync(ComponentDetection.outputPath));
});
}, 6000);
test("Parses CLI output", async () => {
await ComponentDetection.downloadLatestRelease();
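Review bot: The 6000 ms timeout added at the test's closing line gives the release download time to finish, but the assertion it protects, `expect(fs.existsSync(ComponentDetection.outputPath));`, has no matcher and therefore can never fail; `expect(fs.existsSync(ComponentDetection.outputPath)).toBe(true);` would make the test meaningful. The following "Parses CLI output" test also calls `downloadLatestRelease()` and presumably needs the same budget, so a single file-level `jest.setTimeout` (or a named constant) would avoid repeating the magic number. The first test's body begins above the hunk.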

dist/index.js generated vendored

@@ -40403,14 +40403,16 @@ const github = __importStar(__nccwpck_require__(5438));
const dependency_submission_toolkit_1 = __nccwpck_require__(3415);
const componentDetection_1 = __importDefault(__nccwpck_require__(4878));
function run() {
var _a;
return __awaiter(this, void 0, void 0, function* () {
let manifests = yield componentDetection_1.default.scanAndGetManifests(core.getInput('filePath'));
const correlatorInput = ((_a = core.getInput('correlator')) === null || _a === void 0 ? void 0 : _a.trim()) || github.context.job;
let snapshot = new dependency_submission_toolkit_1.Snapshot({
name: "Component Detection",
version: "0.0.1",
url: "https://github.com/advanced-security/component-detection-dependency-submission-action",
}, github.context, {
correlator: `${github.context.job}`,
correlator: correlatorInput,
id: github.context.runId.toString()
});
core.debug(`Manifests: ${manifests === null || manifests === void 0 ? void 0 : manifests.length}`);

dist/index.js.map generated vendored



@@ -14,6 +14,7 @@ import ComponentDetection from './componentDetection';
async function run() {
let manifests = await ComponentDetection.scanAndGetManifests(core.getInput('filePath'));
const correlatorInput = core.getInput('correlator')?.trim() || github.context.job;
let snapshot = new Snapshot({
name: "Component Detection",
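Review bot: The optional chaining in `core.getInput('correlator')?.trim()` is dead: `@actions/core`'s `getInput` always returns a string (`''` when the input is unset) and trims it by default, so `const correlatorInput = core.getInput('correlator') || github.context.job;` expresses the same thing without suggesting the call can yield `undefined`. The `||` is correct here because an empty value must fall back to the job id, but since the cheat-sheet reflex is to replace `||` with `??`, a one-line comment such as `// empty input falls back to the job id (|| is intentional)` would protect the intent. The same expression is mirrored in the generated `dist/index.js` and will follow from rebuilding it. `run()` continues past this hunk.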
@@ -22,7 +23,7 @@ async function run() {
},
github.context,
{
correlator:`${github.context.job}`,
correlator: correlatorInput,
id: github.context.runId.toString()
});