When using this action (or more specifically, microsoft/component-detection), the generated manifests have a location that mismatches the GitHub auto-detection. This causes duplicate entries in the GitHub dependency graph. For example, please see this screenshot:
Note how this screenshot shows a discrepancy between the two paths for the same artifact - the one found by this action has a leading / character while the one auto-detected by GitHub does not, and therefore GitHub continues to think I have 2 different manifests. I used microsoft/component-detection to confirm the JSON details:
I believe that these lines of code in this repository could be touched to remove the leading / from every locationsFoundAt value:
While microsoft/component-detection is the software that's producing the initial manifest, I believe this repository is bridging the gap between general dependency manifest generation and specific uploading to GitHub. I believe either this repository should handle this discrepancy, or GitHub's dependency submission API should (but I wouldn't know where to submit such a request).
Referenced code: component-detection-dependency-submission-action/componentDetection.ts, lines 80 to 81 in 7303e5e
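The normalization this issue asks for, as an added example that is not code from this repository or from microsoft/component-detection. It goes beyond the leading `/` to cover backslashes, `./` prefixes and empty segments, and it rejects paths that climb above the repository root. Only `locationsFoundAt` is taken from the issue; the `DetectedComponent` shape, the function names and the sample values are assumptions made for illustration.

```typescript
// Constructed, simplified record: only `locationsFoundAt` appears in the issue;
// the `name` field and the sample values below are assumptions.
interface DetectedComponent {
  name: string;
  locationsFoundAt: string[];
}

// Convert a reported location to repository-relative form:
// forward slashes only, no leading "/", no "." or empty segments.
function normalizeLocation(location: string): string {
  const segments: string[] = [];
  for (const part of location.replace(/\\/g, "/").split("/")) {
    if (part === "" || part === ".") continue;
    if (part === "..") {
      // A manifest path must never resolve outside the repository root.
      if (segments.length === 0) {
        throw new Error(`location escapes repository root: ${location}`);
      }
      segments.pop();
      continue;
    }
    segments.push(part);
  }
  return segments.join("/");
}

// Group component names by normalized manifest path, so "/a.json" and
// "a.json" produce one manifest entry instead of two.
function groupByManifest(components: DetectedComponent[]): Record<string, string[]> {
  const manifests: Record<string, string[]> = Object.create(null);
  for (const component of components) {
    for (const location of component.locationsFoundAt) {
      const key = normalizeLocation(location);
      const names = manifests[key] || (manifests[key] = []);
      if (names.indexOf(component.name) === -1) names.push(component.name);
    }
  }
  return manifests;
}

// Constructed sample: the same lockfile reported with and without a leading "/".
const sample: DetectedComponent[] = [
  { name: "left-pad", locationsFoundAt: ["/package-lock.json"] },
  { name: "lodash", locationsFoundAt: ["package-lock.json", "/services/api/package-lock.json"] },
];

const grouped = groupByManifest(sample);
for (const path of Object.keys(grouped)) console.log(path, grouped[path].join(","));
```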