Files
component-detection-depende…/README.md
T
2023-01-22 19:46:41 +00:00

815 B

Component detection action

This GitHub Action runs the microsoft/component-detection library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.

Example workflow


name: Component Detection

on:
  workflow_dispatch:
  push:

permissions: 
  id-token: write
  contents: write

jobs:
  dependency-submission:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Component detection 
        uses: jhutchings1/component-detection-action@v0.0.1