23 lines
1.4 KiB
Markdown
23 lines
1.4 KiB
Markdown
---
|
|
title: Dependency submission
|
|
intro: Use the REST API to submit dependencies.
|
|
versions:
|
|
fpt: '*'
|
|
ghec: '*'
|
|
ghes: '>=3.7'
|
|
autogenerated: rest
|
|
---
|
|
|
|
## About dependency submissions
|
|
|
|
{% data reusables.dependency-submission.dependency-submission-api-beta %}
|
|
|
|
{% data reusables.dependency-submission.about-dependency-submission %}
|
|
|
|
You can submit dependencies in the form of a snapshot. A snapshot is a set of dependencies associated with a commit SHA and other metadata, that reflects the current state of your repository for a commit. You can choose to use pre-made actions or create your own actions to submit your dependencies in the required format each time your project is built. For more information, see "[AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)."
|
|
|
|
You can submit multiple sets of dependencies to be included in your dependency graph. The REST API uses the `job.correlator` property and the `detector.name` category of the snapshot to ensure the latest submissions for each workflow get shown. The `correlator` property itself is the primary field you will use to keep independent submissions distinct. An example `correlator` could be a simple combination of two variables available in actions runs: `<GITHUB_WORKFLOW> <GITHUB_JOB>`.
|
|
|
|
|
|
<!-- Content after this section is automatically generated -->
|