From 7eedfe650ae4540e9120927b091b582bd29966a6 Mon Sep 17 00:00:00 2001 From: Sarita Iyer Date: Thu, 16 Jun 2022 09:46:42 -0400 Subject: [PATCH] add correlator explanation --- content/rest/dependency-graph/dependency-submission.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/rest/dependency-graph/dependency-submission.md b/content/rest/dependency-graph/dependency-submission.md index ef1e52ac87..d21aab322c 100644 --- a/content/rest/dependency-graph/dependency-submission.md +++ b/content/rest/dependency-graph/dependency-submission.md @@ -13,3 +13,5 @@ miniTocMaxHeadingLevel: 3 {% data reusables.dependency-submission.about-dependency-submission %} Dependencies are submitted to the dependency submission API in the form of a snapshot. A snapshot is a set of dependencies associated with a commit SHA and other metadata, that reflects the current state of your repository for a commit. You can choose to use pre-made actions or create your own actions to submit your dependencies to the dependency submission API in the required format each time your project is built. For more information about using the Dependency submission API, see "[Using the Dependency submission API](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api)." + +You can submit multiple sets of dependencies to the Dependency submission API to be included in your dependency graph. The API uses the `job.correlator` property and the `detector.name` category of the snapshot to ensure the latest submissions for each workflow get shown. The `correlator` property itself is the primary field you will use to keep independent submissions distinct. An example `correlator` could be a simple combination of two variables available in actions runs: ` `. \ No newline at end of file