Merge pull request #161 from advanced-security/document-EnableIfDefaultOff-detectorArgs
Revise README for workflows and detector options
This commit is contained in:
@@ -2,7 +2,7 @@
|
||||
|
||||
This GitHub Action runs the [microsoft/component-detection](https://github.com/microsoft/component-detection) library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.
|
||||
|
||||
### Example workflow
|
||||
### Example workflows
|
||||
|
||||
```yaml
|
||||
|
||||
@@ -25,13 +25,40 @@ jobs:
|
||||
uses: advanced-security/component-detection-dependency-submission-action@v0.1.1
|
||||
```
|
||||
|
||||
Additional `Experimental` and `DefaultOff` detectors:
|
||||
- For a list of experimental and default-off detectors that require explicit enablement, see the [Detectors README](https://github.com/microsoft/component-detection/blob/main/docs/detectors/README.md). See [enable-default-off.md](https://github.com/microsoft/component-detection/blob/main/docs/enable-default-off.md) for more details.
|
||||
|
||||
```yaml
|
||||
name: Component Detection
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
push:
|
||||
|
||||
permissions:
|
||||
id-token: write
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
dependency-submission:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Component detection
|
||||
uses: advanced-security/component-detection-dependency-submission-action@v0.1.1
|
||||
with:
|
||||
# Experimental detectors: Poetry, UvLock, NpmLockfile3, Ivy
|
||||
# Default-off detectors: ConanLock, CondaLock, Dockerfile, Pip, SimplePip, Spdx22, SwiftResolved
|
||||
detectorArgs: Poetry=EnableIfDefaultOff,UvLock=EnableIfDefaultOff,NpmLockfile3=EnableIfDefaultOff,Ivy=EnableIfDefaultOff,ConanLock=EnableIfDefaultOff,CondaLock=EnableIfDefaultOff,Dockerfile=EnableIfDefaultOff,Pip=EnableIfDefaultOff,SimplePip=EnableIfDefaultOff,Spdx22=EnableIfDefaultOff,SwiftResolved=EnableIfDefaultOff
|
||||
```
|
||||
|
||||
### Configuration options
|
||||
|
||||
| Parameter | Description | Example |
|
||||
| --- | --- | --- |
|
||||
filePath | The path to the directory containing the environment files to upload. Defaults to Actions working directory. | `'.'`
|
||||
directoryExclusionList | Filters out specific directories following a minimatch pattern. | `test`
|
||||
detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | `Pip=EnableIfDefaultOff`
|
||||
detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is `Experimental` or `DefaultOff` to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | `Pip=EnableIfDefaultOff`
|
||||
dockerImagesToScan |Comma separated list of docker image names or hashes to execute container scanning on | ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab |
|
||||
detectorsFilter | A comma separated list with the identifiers of the specific detectors to be used. | `Pip, RustCrateDetector`
|
||||
detectorsCategories | A comma separated list with the categories of components that are going to be scanned. The detectors that are going to run are the ones that belongs to the categories. | `NuGet,Npm`
|
||||
|
||||
Reference in New Issue
Block a user