advanced-security · gitulisca · Apr 3, 2025
@@ -67,4 +67,7 @@ typings/
 .next
 
 # Output from scanning 
-output.json
+output.json
+
+# Component Detection binary downloaded by tests
+component-detection
@@ -34,6 +34,7 @@ directoryExclusionList | Filters out specific directories following a minimatch
 detectorArgs | Comma separated list of properties that can affect the detectors execution, like EnableIfDefaultOff that allows a specific detector that is in beta to run, the format for this property is DetectorId=EnableIfDefaultOff, for example Pip=EnableIfDefaultOff. | `Pip=EnableIfDefaultOff`
 dockerImagesToScan |Comma separated list of docker image names or hashes to execute container scanning on |  ubuntu:16.04,56bab49eef2ef07505f6a1b0d5bd3a601dfc3c76ad4460f24c91d6fa298369ab | 
 detectorsFilter | A comma separated list with the identifiers of the specific detectors to be used. | `Pip, RustCrateDetector`
+correlator | An optional identifier to distinguish between multiple dependency snapshots of the same type. Defaults to the [job_id](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_id) of the current job | `csharp-backend`
 
 For more information: https://github.com/microsoft/component-detection
 

@@ -21,6 +21,10 @@ inputs:
   detectorsFilter: 
     description: 'A comma separated list with the identifiers of the specific detectors to be used. This is meant to be used for testing purposes only.'
     required: false
+  correlator:
+    description: 'An optional identifier to distinguish between multiple dependency snapshots of the same type.'
+    type: string
+    required: false
 runs:
   using: 'node16'
   main: 'dist/index.js'

@@ -10,7 +10,7 @@ test("Runs CLI", async () => {
   await ComponentDetection.downloadLatestRelease();
   await ComponentDetection.runComponentDetection("./test");
   expect(fs.existsSync(ComponentDetection.outputPath));
-});
+}, 6000);
 
 test("Parses CLI output", async () => {
   await ComponentDetection.downloadLatestRelease();

@@ -14,6 +14,7 @@ import ComponentDetection from './componentDetection';
 
 async function run() {
   let manifests = await ComponentDetection.scanAndGetManifests(core.getInput('filePath'));
+  const correlatorInput = core.getInput('correlator')?.trim() || github.context.job;
 
   let snapshot = new Snapshot({
       name: "Component Detection",
@@ -22,7 +23,7 @@ async function run() {
   }, 
   github.context,
   {
-    correlator:`${github.context.job}`,
+    correlator: correlatorInput,
     id: github.context.runId.toString()
   });