actions/component-detection-dependency-submission-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
NaN Commits 1 Branch 0 Tags
f45d764bb0bf0ccb5a0bdc13f2ea228fa76dae6a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Justin Hutchings f45d764bb0 Fix manifest duplication bug
2023-01-22 08:31:09 +00:00
.github
Fix syntax error in test
2023-01-20 01:55:32 +00:00
dist
Fix manifest duplication bug
2023-01-22 08:31:09 +00:00
test
Hook up the front end
2023-01-22 01:06:08 +00:00
.eslintignore
Initial commit
2022-08-25 09:12:00 -07:00
.eslintrc.json
Initial commit
2022-08-25 09:12:00 -07:00
.gitattributes
Initial commit
2022-08-25 09:12:00 -07:00
.gitignore
Add output path for scan results
2023-01-21 22:04:05 +00:00
action.yml
Add debugging statements
2023-01-22 07:20:25 +00:00
CODEOWNERS
Initial commit
2022-08-25 09:12:00 -07:00
component-detection
Stub component detection download and execution
2023-01-21 21:56:51 +00:00
componentDetection.test.ts
Hook up the front end
2023-01-22 01:06:08 +00:00
componentDetection.ts
Fix manifest duplication bug
2023-01-22 08:31:09 +00:00
index.ts
debugging empty manifests section
2023-01-22 08:20:54 +00:00
jest.config.d.ts
Convert from spdx parser to yaml - boilerplate
2023-01-19 20:10:29 +00:00
jest.config.js
Convert from spdx parser to yaml - boilerplate
2023-01-19 20:10:29 +00:00
LICENSE
Initial commit
2022-08-25 09:12:00 -07:00
package-lock.json
Stub component detection download and execution
2023-01-21 21:56:51 +00:00
package.json
Hook up the front end
2023-01-22 01:06:08 +00:00
README.md
Update readme
2023-01-22 01:13:59 +00:00
tsconfig.json
Hook up the front end
2023-01-22 01:06:08 +00:00

README.md

Component detection action

This GitHub Action runs the microsoft/component-detection library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.

Example workflow


name: Component Detection

on:
  workflow_dispatch:
  push:

permissions: 
  id-token: write
  contents: write

jobs:
  dependency-submission:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Component detection 
        uses: jhutchings1/component-detection-action@v0.0.1
Description
Mirror of github.com/actions/component-detection-dependency-submission-action
Readme 37 MiB
Languages
TypeScript 96.4%
JavaScript 3.6%