You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Automatically enable the detection of transitive dependencies for Maven with a one-click set up through a repository's settings.
Intended Outcome
Dependency graph currently does not automatically detect transitive dependencies for Maven. Users can use a GitHub Action to detect and submit these dependencies to the dependency graph, but the discoverability of this action is low and the configuration hurdle can be high. A one-click enablement eliminates these hurdles for users and provides the dependency information they need.
How will it work?
Enabling Maven transitive dependency detection through a repository's settings page will run a dynamic workflow to automatically build the maven project in the repository and submit it using the dependency submission API. The repository will show the complete Maven dependencies in the dependency graph, and users will received Dependabot alerts for any known vulnerabilities. Users do not need to configure their own workflow files.
The text was updated successfully, but these errors were encountered:
github-product-roadmap
changed the title
One-click enablement for Maven transitive dependency detection
One-click enablement for Maven transitive dependency detection (beta)
Aug 9, 2023
ankneis
changed the title
One-click enablement for Maven transitive dependency detection (beta)
One-click enablement for Maven transitive dependency detection
May 31, 2024
Summary
Automatically enable the detection of transitive dependencies for Maven with a one-click set up through a repository's settings.
Intended Outcome
Dependency graph currently does not automatically detect transitive dependencies for Maven. Users can use a GitHub Action to detect and submit these dependencies to the dependency graph, but the discoverability of this action is low and the configuration hurdle can be high. A one-click enablement eliminates these hurdles for users and provides the dependency information they need.
How will it work?
Enabling Maven transitive dependency detection through a repository's settings page will run a dynamic workflow to automatically build the maven project in the repository and submit it using the dependency submission API. The repository will show the complete Maven dependencies in the dependency graph, and users will received Dependabot alerts for any known vulnerabilities. Users do not need to configure their own workflow files.
The text was updated successfully, but these errors were encountered: