https://github.com/advanced-security/cocoapods-dependency-submission-action
CocoaPods Lockfile Dependency Submission Action
https://github.com/advanced-security/cocoapods-dependency-submission-action
Last synced: 12 days ago
JSON representation
CocoaPods Lockfile Dependency Submission Action
- Host: GitHub
- URL: https://github.com/advanced-security/cocoapods-dependency-submission-action
- Owner: advanced-security
- License: mit
- Created: 2023-06-01T10:12:24.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2025-04-01T11:04:18.000Z (about 1 month ago)
- Last Synced: 2025-04-27T02:02:19.405Z (14 days ago)
- Language: Python
- Size: 763 KB
- Stars: 5
- Watchers: 2
- Forks: 3
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
- Support: SUPPORT.md
Awesome Lists containing this project
README
# cocoapods-dependency-submission-action
This is the [CocoaPods Dependency Submission Action](https://github.com/advanced-security/cocoapods-dependency-submission-action) which parses CocoaPods Lock files and submits the dependencies to the [Dependency Graph Submission API](https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api).
> [!WARNING]
> Sadly, [GitHub's Security Advisory Database](https://github.com/advisories) does not contain CocoaPods security alert information which means no security vulnerabilities in your dependencies will be reported.
> This project is mainly to keep your Software Bill of Materials up to date and complete.
## Usage
```yaml
- name: CocoaPods Dependency Submission Action
uses: advanced-security/[email protected]
```
### Action Inputs
```yaml
- name: CocoaPods Dependency Submission Action
uses: advanced-security/[email protected]
with:
# [optonal] The path to the Podfile.lock file. Defaults to finding all
# Podfile.lock in the current working directory
cocoapods-lock: "./Podfile.lock"
# [optional] Token used to authenticate with the GitHub API. Defaults to the GITHUB_TOKEN secret.
token: ${{ secrets.ACTIONS_TOKEN }}
```
### Workflow Example
```yaml
name: Brew Lockfile Dependency Submission Action
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
permissions:
contents: write # needed
jobs:
gradle-lock:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
# ... generate CocoaPods Podfile.lock
- name: CocoaPods Dependency Submission Action
uses: advanced-security/[email protected]
```
## License
This project is licensed under the terms of the MIT open source license. Please refer to [MIT](./LICENSE) for the full terms.
## Maintainers
Maintained by [@GeekMasher](https://github.com/GeekMasher).
## Support
Please [create GitHub issues](https://github.com/GeekMasher/cocoapods-dependency-submission-action) for any feature requests, bugs, or documentation problems.
## Acknowledgement
- @GeekMasher: Author and Maintainer