mirror of
https://github.com/gradle/actions
synced 2024-12-18 14:12:21 +00:00
add58192d1
Some checks are pending
CI-check-and-unit-test / check-format-and-unit-test (push) Waiting to run
CI-codeql / Analyze (javascript-typescript) (push) Waiting to run
CI-init-script-check / test-init-scripts (push) Waiting to run
CI-integ-test / build-distribution (push) Waiting to run
CI-integ-test / caching-integ-tests (push) Blocked by required conditions
CI-integ-test / other-integ-tests (push) Blocked by required conditions
CI-update-dist / update-dist (push) Waiting to run
|
||
---|---|---|
.. | ||
action.yml | ||
README.md |
The dependency-submission
action
Generates and submits a dependency graph for a Gradle project, allowing GitHub to alert about reported vulnerabilities in your project dependencies.
The following workflow will generate a dependency graph for a Gradle project and submit it immediately to the repository via the Dependency Submission API. For most projects, this default configuration should be all that you need.
Simply add this as a new workflow file to your repository (eg .github/workflows/dependency-submission.yml
).
name: Dependency Submission
on:
push:
branches: ['main']
permissions:
contents: write
jobs:
dependency-submission:
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: 17
- name: Generate and submit dependency graph
uses: gradle/actions/dependency-submission@v4
See the full action documentation for more advanced usage scenarios.