516a3ad1399675c4519dc94514a9ce4e0b218f7e
Bumps the actions-dependencies group with 2 updates: [actions/setup-node](https://github.com/actions/setup-node) and [actions/upload-artifact](https://github.com/actions/upload-artifact). Updates `actions/setup-node` from 6.0.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v6.0.0...v6.2.0) Updates `actions/upload-artifact` from 5 to 6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-dependencies - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
Component detection dependency submission action
This GitHub Action runs the microsoft/component-detection library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.
Example workflow
name: Component Detection
on:
workflow_dispatch:
push:
permissions:
id-token: write
contents: write
jobs:
dependency-submission:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Component detection
uses: advanced-security/component-detection-dependency-submission-action@v0.1.0
Configuration options
| Parameter | Description | Example |
|---|---|---|
| filePath | The path to the directory containing the environment files to upload. Defaults to Actions working directory. | '.' |
| directoryExclusionList | Filters out specific directories following a minimatch pattern. | test |
| detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | Pip=EnableIfDefaultOff |
| dockerImagesToScan | Comma separated list of docker image names or hashes to execute container scanning on | ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab |
| detectorsFilter | A comma separated list with the identifiers of the specific detectors to be used. | Pip, RustCrateDetector |
| detectorsCategories | A comma separated list with the categories of components that are going to be scanned. The detectors that are going to run are the ones that belongs to the categories. | NuGet,Npm |
| correlator | An optional identifier to distinguish between multiple dependency snapshots of the same type. Defaults to the job_id of the current job | csharp-backend |
For more information: https://github.com/microsoft/component-detection
License
This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.
Description
Languages
TypeScript
96.4%
JavaScript
3.6%