actions/component-detection-dependency-submission-action
1
0
Fork 0
mirror of https://github.com/actions/component-detection-dependency-submission-action synced 2026-04-05 18:25:39 +00:00
Code Issues Projects Releases Packages Wiki Activity
No description
324 commits 46 branches 0 tags 43 MiB
  • TypeScript 96.4%
  • JavaScript 3.6%
Find a file
Exact
Lewis Jones 374343effe
 Merge pull request #6 from actions/weekly-sync-branch-16171136386 
Sync Fork with Upstream
2025-07-09 14:49:18 +01:00
.github Add fork sync mechanism 2025-06-10 14:51:08 +01:00
dist Transpiled JS 2025-07-09 12:16:42 +01:00
test Add nested dirs to test 2025-07-09 11:56:34 +01:00
.eslintrc.json Initial commit 2022-08-25 09:12:00 -07:00
.gitattributes Initial commit 2022-08-25 09:12:00 -07:00
.gitignore Add snapshot correlator action input 2025-04-03 05:21:10 +00:00
action.yml Add sha and ref snapshot inputs 2025-06-16 11:15:10 +01:00
babel.config.js Enable full ESM support for Node 20+ and modern dependencies, update Jest and build output configuration 2025-05-12 17:09:08 +00:00
CODE_OF_CONDUCT.md Update docs for ownership change (#2) 2023-04-07 16:21:17 -07:00
CODEOWNERS update codeowners 2025-06-10 14:50:54 +01:00
componentDetection.test.ts remove environment.yml 2025-07-09 13:49:12 +01:00
componentDetection.ts Remove leading slashes from top manifests 2025-07-09 12:16:21 +01:00
CONTRIBUTING.md Update docs for ownership change (#2) 2023-04-07 16:21:17 -07:00
eslint.config.js Fix eslint ... v9 upgrade broke! 2025-05-12 17:14:48 +00:00
index.ts Add sha and ref snapshot inputs 2025-06-16 11:15:10 +01:00
jest.config.d.ts Convert from spdx parser to yaml - boilerplate 2023-01-19 20:10:29 +00:00
jest.config.js Fix eslint ... v9 upgrade broke! 2025-05-12 17:14:48 +00:00
LICENSE Initial commit 2022-08-25 09:12:00 -07:00
package-lock.json Prepare for v0.0.7 release 2025-07-02 19:39:44 +00:00
package.json Bump minor version 2025-07-09 14:42:42 +01:00
README.md Remove examples 2025-06-12 12:23:38 +01:00
SECURITY.md Update docs for ownership change (#2) 2023-04-07 16:21:17 -07:00
SUPPORT.md Update docs for ownership change (#2) 2023-04-07 16:21:17 -07:00
tsconfig.json Hook up the front end 2023-01-22 01:06:08 +00:00

README.md

Component detection dependency submission action

This GitHub Action runs the microsoft/component-detection library to automate dependency extraction at build time. It uses a combination of static and dynamic scanning to build a dependency tree and then uploads that to GitHub's dependency graph via the dependency submission API. This gives you more accurate Dependabot alerts, and support for a bunch of additional ecosystems.

Example workflow


name: Component Detection

on:
  workflow_dispatch:
  push:

permissions:
  id-token: write
  contents: write

jobs:
  dependency-submission:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Component detection
        uses: advanced-security/component-detection-dependency-submission-action@v0.0.3

Configuration options

Parameter Description Example
filePath The path to the directory containing the environment files to upload. Defaults to Actions working directory. '.'
directoryExclusionList Filters out specific directories following a minimatch pattern. test
detectorArgs Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. Pip=EnableIfDefaultOff
dockerImagesToScan Comma separated list of docker image names or hashes to execute container scanning on ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab
detectorsFilter A comma separated list with the identifiers of the specific detectors to be used. Pip, RustCrateDetector
detectorsCategories A comma separated list with the categories of components that are going to be scanned. The detectors that are going to run are the ones that belongs to the categories. NuGet,Npm
correlator An optional identifier to distinguish between multiple dependency snapshots of the same type. Defaults to the job_id of the current job csharp-backend

For more information: https://github.com/microsoft/component-detection

License

This project is licensed under the terms of the MIT open source license. Please refer to MIT for the full terms.