27 lines
816 B
Markdown
27 lines
816 B
Markdown
# Component detection action
|
|
|
|
This GitHub Action runs the [microsoft/component-detection](https://github.com/microsoft/component-detection) library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.
|
|
|
|
### Example workflow
|
|
|
|
```yaml
|
|
|
|
name: Component Detection
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
|
|
permissions:
|
|
id-token: write
|
|
contents: write
|
|
|
|
jobs:
|
|
dependency-submission:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- name: Component detection
|
|
uses: jhutchings1/component-detection-action@v0.0.1
|
|
```
|