advanced-security
diff --git a/‎README.md‎
Lines changed: 17 additions & 0 deletions b/‎README.md‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎action.yml‎
Lines changed: 4 additions & 0 deletions b/‎action.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎dist/index.js‎
Lines changed: 2 additions & 1 deletion b/‎dist/index.js‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎dist/index.js.map‎
Lines changed: 1 addition & 1 deletion b/‎dist/index.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎index.js‎
Lines changed: 2 additions & 1 deletion b/‎index.js‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎package-lock.json‎
Lines changed: 2 additions & 2 deletions b/‎package-lock.json‎
Lines changed: 2 additions & 2 deletions
@@ -40,6 +40,23 @@ jobs:
         filePath: "_manifest/spdx_2.2/"
 ```
 
+Add support for running inside a matrix by overriding the default correlater unique identifier to include the job+matrix values.  Consider these sample steps:
+
+```yaml
+      # Format corrleator as "job(matrixvalue1, matrixvalue2, ... )" or just "job" with a null matrix
+      - name: Define correlator
+        id: matrix_parser
+        run: |
+            correlator=$(echo '${{ toJSON(matrix) }}' | jq -r 'if . == null then "${{ github.job }}" else "${{ github.job }}(" + ([.[] | tostring] | join(", ")) + ")" end')
+            echo "correlator=$correlator" >> $GITHUB_OUTPUT
+
+      - name: SBOM upload
+        uses: advanced-security/[email protected]
+        with:
+          filePath: "${{ matrix.sbom }}"
+          correlator: ${{ steps.matrix_parser.outputs.correlator }}
+```
+
 ## Support
 
 Please create [GitHub Issues][github-issues] if there are bugs or feature requests.
 
@@ -13,6 +13,10 @@ inputs:
     description: 'The file name pattern for SPDX files to upload'
     required: false
     default: '*.spdx.json'
+  correlator:
+    description: 'The correlator property itself is the primary field used to keep independent submissions distinct.'
+    required: false
+    default: ${{ github.job }} 
 runs:
   using: 'node20'
   main: 'dist/index.js'
 
@@ -11,14 +11,15 @@ const VERSION = "0.1.1";
 async function run() {
   let manifests = lib.getManifestsFromSpdxFiles(lib.searchFiles());
 
+  const correlator = core.getInput('correlator');
   let snapshot = new toolkit.Snapshot({
     name: "spdx-to-dependency-graph-action",
     version: VERSION,
     url: "https://github.com/advanced-security/spdx-dependency-submission-action",
   },
     github.context,
     {
-      correlator: `${github.context.job}`,
+      correlator: correlator,
       id: github.context.runId.toString()
     });