One-click enablement for Maven transitive dependency detection #796
Comments
github-product-roadmap
added
all
github-product-roadmap
changed the title
ankneis
changed the title
ankneis
added
ga
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Summary
Automatically enable the detection of transitive dependencies for Maven with a one-click set up through a repository's settings.
Intended Outcome
Dependency graph currently does not automatically detect transitive dependencies for Maven. Users can use a GitHub Action to detect and submit these dependencies to the dependency graph, but the discoverability of this action is low and the configuration hurdle can be high. A one-click enablement eliminates these hurdles for users and provides the dependency information they need.
How will it work?
Enabling Maven transitive dependency detection through a repository's settings page will run a dynamic workflow to automatically build the maven project in the repository and submit it using the dependency submission API. The repository will show the complete Maven dependencies in the dependency graph, and users will received Dependabot alerts for any known vulnerabilities. Users do not need to configure their own workflow files.
The text was updated successfully, but these errors were encountered: