mirror of
https://github.com/gradle/gradle-build-action.git
synced 2024-11-22 00:01:05 -05:00
Improve docs for dependency-graph
This commit is contained in:
parent
cef72ff9e4
commit
f464d5c9e5
1 changed files with 3 additions and 1 deletions
|
@ -415,6 +415,8 @@ The `gradle-build-action` has experimental support for submitting a [GitHub Depe
|
|||
|
||||
The dependency graph snapshot is generated via integration with the [GitHub Dependency Graph Gradle Plugin](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin), and saved as a workflow artifact. The generated snapshot files can be submitted either in the same job, or in a subsequent job (in the same or a dependent workflow).
|
||||
|
||||
The generated dependency graph snapshot reports all of the dependencies that were resolved during a bulid execution, and is used by GitHub to generate [Dependabot Alerts](https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts) for vulnerable dependencies, as well as to populate the [Dependency Graph insights view](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exploring-the-dependencies-of-a-repository#viewing-the-dependency-graph).
|
||||
|
||||
You enable GitHub Dependency Graph support by setting the `dependency-graph` action parameter. Valid values are:
|
||||
|
||||
|<div style="width:290px">Option</div> | Behaviour |
|
||||
|
|
Loading…
Reference in a new issue