actions/dependency-submission
daz 38a821729e
Use consistent action params between setup-gradle and dependency-submission
To ensure expected caching (and other) behaviour, we should keep these config
parameters as consistent as possible.
2024-04-07 12:11:50 -06:00
..
action.yml Use consistent action params between setup-gradle and dependency-submission 2024-04-07 12:11:50 -06:00
README.md Add 'setup-java' step to all examples 2024-04-05 14:54:29 -06:00

The dependency-submission action

Generates and submits a dependency graph for a Gradle project, allowing GitHub to alert about reported vulnerabilities in your project dependencies.

The following workflow will generate a dependency graph for a Gradle project and submit it immediately to the repository via the Dependency Submission API. For most projects, this default configuration should be all that you need.

Simply add this as a new workflow file to your repository (eg .github/workflows/dependency-submission.yml).

name: Dependency Submission

on: [ push ]

permissions:
  contents: write

jobs:
  dependency-submission:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout sources
      uses: actions/checkout@v4
    - name: Setup Java
      uses: actions/setup-java@v4
      with:
        distribution: 'temurin'
        java-version: 17
    - name: Generate and submit dependency graph
      uses: gradle/actions/dependency-submission@v3

See the full action documentation for more advanced usage scenarios.