Closed wzieba closed 5 months ago
Description
This PR adds a GitHub Actions job to send Gradle/Maven dependencies to GitHub Dependency Graph for each push to trunk or release/* branch.
By sending those dependencies, we allow Dependabot to scan whether dependencies we use are affected by known vulnerabilities.
Soon, those metrics will be available to visualize on Apps Metrics (link).
More about this project can be found internally at paaHJt-5Tn-p2
Testing instructions
I verified this PR works on fork: https://github.com/wzieba/simplenote-android/actions/runs/7568711116/job/20610447158
No testing is needed.
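
A workflow of the kind described above, as an added example that is not the workflow from this PR. It assumes the gradle/actions/dependency-submission action, JDK 17, and the file and job names shown.

```yaml
# .github/workflows/submit-dependencies.yml (hypothetical file name)
name: Submit dependencies

on:
  push:
    branches:
      - trunk
      - 'release/*'

# Keep the workflow token read-only by default; the job below widens only what it needs.
permissions:
  contents: read

jobs:
  dependency-submission:   # hypothetical job name
    runs-on: ubuntu-latest
    permissions:
      contents: write      # required to post a snapshot to the dependency submission API
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'   # assumed; use the JDK the project builds with
      # Resolves the Gradle build's dependencies and submits them to the Dependency Graph.
      - uses: gradle/actions/dependency-submission@v3
```

Restricting the trigger to pushes on trunk and release/* keeps the write-scoped token away from pull request runs from forks.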