mirror of
https://github.com/gradle/gradle-build-action.git
synced 2024-12-25 02:26:19 +08:00
Improve docs for dependency-graph
This commit is contained in:
parent
cef72ff9e4
commit
f464d5c9e5
@ -411,10 +411,12 @@ You can use the `gradle-build-action` on GitHub Enterprise Server, and benefit f
|
|||||||
|
|
||||||
# GitHub Dependency Graph support (Experimental)
|
# GitHub Dependency Graph support (Experimental)
|
||||||
|
|
||||||
The `gradle-build-action` has experimental support for submitting a [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) snapshot via the [GitHub Dependency Submission API](https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28).
|
The `gradle-build-action` has experimental support for submitting a [GitHub Dependency Graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph) snapshot via the [GitHub Dependency Submission API](https://docs.github.com/en/rest/dependency-graph/dependency-submission?apiVersion=2022-11-28).
|
||||||
|
|
||||||
The dependency graph snapshot is generated via integration with the [GitHub Dependency Graph Gradle Plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin), and saved as a workflow artifact. The generated snapshot files can be submitted either in the same job, or in a subsequent job (in the same or a dependent workflow).
|
The dependency graph snapshot is generated via integration with the [GitHub Dependency Graph Gradle Plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin), and saved as a workflow artifact. The generated snapshot files can be submitted either in the same job, or in a subsequent job (in the same or a dependent workflow).
|
||||||
|
|
||||||
|
The generated dependency graph snapshot reports all of the dependencies that were resolved during a bulid execution, and is used by GitHub to generate [Dependabot Alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) for vulnerable dependencies, as well as to populate the [Dependency Graph insights view](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#viewing-the-dependency-graph).
|
||||||
|
|
||||||
You enable GitHub Dependency Graph support by setting the `dependency-graph` action parameter. Valid values are:
|
You enable GitHub Dependency Graph support by setting the `dependency-graph` action parameter. Valid values are:
|
||||||
|
|
||||||
|<div style="width:290px">Option</div> | Behaviour |
|
|<div style="width:290px">Option</div> | Behaviour |
|
||||||
|
Loading…
x
Reference in New Issue
Block a user