From 00a20b853ddc9be51d342cab50029cd78de89201 Mon Sep 17 00:00:00 2001 From: Chad Bentz <1760475+felickz@users.noreply.github.com> Date: Fri, 2 Feb 2024 09:42:09 -0500 Subject: [PATCH] Add Component Detection to Dependency Submission actions recommended list (#41819) Co-authored-by: Jon Janego Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../using-the-dependency-submission-api.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md index 72f0407d5a..f8e045cdfd 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api.md @@ -34,6 +34,13 @@ Gradle | [Gradle Build Action](https://github.com/marketplace/actions/gradle-bui Maven | [Maven Dependency Tree Dependency Submission](https://github.com/marketplace/actions/maven-dependency-tree-dependency-submission) | {% octicon "check" aria-label="Maintained by {% data variables.product.prodname_dotcom %}" %} | Mill | [Mill Dependency Submission](https://github.com/marketplace/actions/mill-dependency-submission) | {% octicon "x" aria-label="Not maintained by {% data variables.product.prodname_dotcom %}" %} | Scala | [Sbt Dependency Submission](https://github.com/marketplace/actions/sbt-dependency-submission) | {% octicon "x" aria-label="Not maintained by {% data variables.product.prodname_dotcom %}" %} | +NuGet and others | [Component Detection dependency submission action](https://github.com/marketplace/actions/component-detection-dependency-submission-action) | {% octicon "check" aria-label="Maintained by {% data variables.product.prodname_dotcom %}" %} | + +{% note %} + +**Note:** For the Component Detection dependency submission action, other supported ecosystems include Vcpkg, Conan, Conda, Crates, as well as NuGet. + +{% endnote %} For example, the following [Go Dependency Submission](https://github.com/actions/go-dependency-submission) workflow calculates the dependencies for a Go build-target (a Go file with a `main` function) and submits the list to the Dependency submission API.