Vladimir Sitnikov created CALCITE-7260:
------------------------------------------

             Summary: Add gradle/actions/dependency-submission GitHub action to track vulnerable dependencies
                 Key: CALCITE-7260
                 URL: https://issues.apache.org/jira/browse/CALCITE-7260
             Project: Calcite
          Issue Type: Improvement
            Reporter: Vladimir Sitnikov


dependency-submission enables GitHub to track all the used dependencies and show CVE alerts via https://github.com/apache/calcite/security/dependabot

It would track runtime, test, build-time, and even build-script dependencies, which is the right thing from my point of view.

See https://github.com/actions/gradle-build-tools-actions?tab=readme-ov-file#the-dependency-submission-action

See https://github.com/apache/jmeter/blob/2c17f5d2b6b0fa7e0f69dbd56785386a785c8745/.github/workflows/gradle-dependency-submit.yaml



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
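
A minimal workflow of the kind the issue proposes, added here as an illustration; it is not taken from the issue, from Calcite, or from the linked JMeter file. The workflow file path, the branch name, the JDK version and the action version tags are assumptions.

```yaml
# Hypothetical path: .github/workflows/gradle-dependency-submit.yaml
name: Gradle dependency submission

on:
  push:
    # Assumption: default branch name. Run on pushes only: pull requests from
    # forks get a read-only token and cannot submit a dependency graph.
    branches: [main]

# Deny all token scopes by default; grant only what the job needs.
permissions: {}

jobs:
  dependency-submission:
    runs-on: ubuntu-latest
    permissions:
      # Needed to submit the resolved graph to the dependency submission API.
      contents: write
    steps:
      # Version tags are shown for readability; pinning each action to a full
      # commit SHA protects the workflow against a retagged release.
      - uses: actions/checkout@v4
        with:
          # The job never pushes, so do not leave the token in .git/config.
          persist-credentials: false

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: 17   # assumption: any JDK the build supports

      # Resolves every configuration, including build-script (plugin)
      # dependencies, and submits the result so Dependabot alerts cover them.
      - name: Generate and submit dependency graph
        uses: gradle/actions/dependency-submission@v4
```

Alerts only appear once the repository has the dependency graph and Dependabot alerts enabled in its security settings.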
