Open tsteenbe opened 2 years ago
The notifier
module would probably be a good place to implement this.
Hmm, I would have rather thought of a reporter
that pushes results to the remote API rather than writing to a local file.
For consistency I recommend we do the same as we did for SW360 as both are about uploading dependency info ... or if we decide to do things differently for Dependency submission API to update our SW360 support
We could probably just re-use the model classes from here.
GitHub's Dependency submission API allows you to submit dependencies for projects, such as the dependencies resolved when a project is built or compiled, see https://docs.github.com/en/rest/dependency-graph/dependency-submission
As ORT generally detects dependencies better than GitHub I propose we add a feature to ORT to allow users to upload found dependencies to GitHub's Dependency submission API. We could then use this feature in ORT for GitHub Action developed in https://github.com/oss-review-toolkit/ort/issues/3512