This is an automated email from the ASF dual-hosted git repository.
vladimirsitnikov pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jmeter.git
The following commit(s) were added to refs/heads/master by this push:
new 27416797d7 chore: add dependency submission workflow
27416797d7 is described below
commit 27416797d7ecdbf4ded95154bc4b5d7a4902e8c7
Author: Vladimir Sitnikov <[email protected]>
AuthorDate: Sat Oct 11 00:02:42 2025 +0300
chore: add dependency submission workflow
This enables GitHub security scanning for all the transitive dependencies
---
.github/workflows/gradle-dependency-submit.yaml | 31 +++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/.github/workflows/gradle-dependency-submit.yaml
b/.github/workflows/gradle-dependency-submit.yaml
new file mode 100644
index 0000000000..6b4290011f
--- /dev/null
+++ b/.github/workflows/gradle-dependency-submit.yaml
@@ -0,0 +1,31 @@
+name: Dependency Submission
+
+# See
https://github.com/gradle/actions/blob/768a17f3488dc3fe0155ff431553e1f53d57e22e/dependency-submission/README.md#the-dependency-submission-action
+# The action allows GitHub to alert about reported vulnerabilities in the
project
+on:
+ push:
+ branches:
+ - main
+
+# Declare default permissions as read-only.
+permissions: read-all
+
+jobs:
+ dependency-submission:
+ name: Submit dependencies
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ steps:
+ - name: Checkout sources
+ uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+ with:
+ persist-credentials: false
+ - name: Set up JDK 21
+ uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4
+ with:
+ distribution: zulu
+ java-version: 21
+ server-id: central
+ - name: Generate and submit dependency graph
+ uses:
gradle/actions/dependency-submission@748248ddd2a24f49513d8f472f81c3a07d4d50e1 #
v4
