Improve docs for dependency-graph

Daz DeBoer 2023-07-10 10:23:31 -06:00 committed by GitHub
parent cef72ff9e4
commit f464d5c9e5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -415,6 +415,8 @@ The `gradle-build-action` has experimental support for submitting a [GitHub Depe
The dependency graph snapshot is generated via integration with the [GitHub Dependency Graph Gradle Plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin), and saved as a workflow artifact. The generated snapshot files can be submitted either in the same job, or in a subsequent job (in the same or a dependent workflow).
The generated dependency graph snapshot reports all of the dependencies that were resolved during a bulid execution, and is used by GitHub to generate [Dependabot Alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) for vulnerable dependencies, as well as to populate the [Dependency Graph insights view](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#viewing-the-dependency-graph).
You enable GitHub Dependency Graph support by setting the `dependency-graph` action parameter. Valid values are:
|<div style="width:290px">Option</div> | Behaviour |
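Review bot: typo in the paragraph that begins "The generated dependency graph snapshot reports": "bulid execution" should read "build execution". Since that sentence ties Dependabot Alerts to the dependencies "resolved during a build execution", consider also saying plainly that anything not resolved in that run is absent from the snapshot and so cannot raise an alert, so readers pick a build invocation that resolves everything they want covered. Minor: the table header uses an inline `<div style="width:290px">` to force the column width; a short comment or a plain header would make it clearer that this is a rendering workaround.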