This GitHub Action extracts dependencies from an Rebar3 project and submits them to GitHub's Dependency Submission API, helping you unlock advanced dependency graph and security features for your project.
By submitting your dependencies to GitHub:
- 🔐 Stay secure – Receive Dependabot alerts and security updates for known vulnerabilities in your direct and transitive dependencies.
- 🔎 Improve visibility – View your full dependency graph, including dependencies not found in lockfiles, right on GitHub.
- 🔁 Automated updates – Dependabot can automatically open pull requests to fix vulnerable dependencies.
- ✅ Better reviews – See dependencies in pull request diffs via GitHub’s Dependency Review.
- 📊 Support compliance – Help your team understand and audit what third-party code your software depends on.
This action is intended to be used within a GitHub Actions workflow.
Note: rebar.lock is discovered via git ls-files, so it must be both tracked by Git and
checked out in the workspace. If it is excluded from the checkout (for example, via sparse checkout
or path filters), this action cannot resolve the necessary app names and versions and will fail when
attempting to read the lockfile.
on:
push:
permissions:
# The API requires write permission on the repository to submit dependencies
contents: write
jobs:
# Run in its own job so the Erlang/Rebar3 installation doesn't affect other jobs
rebar3-dependency-submission:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6.0.2
- uses: erlef/rebar3-dependency-submission@v1.0.0| Name | Description | Default |
|---|---|---|
token |
GitHub token to use for submission. | ${{ github.token }} |
This action was tested for the following operating systems and architectures, using the corresponding GitHub-hosted runners:
| Operating System | Architecture | Works? | Tested Runner |
|---|---|---|---|
| Linux | x64 | ✅ | ubuntu-24.04 |
| Linux | ARM64 | ✅ | ubuntu-24.04-arm |
| macOS | x64 | ❌ | macos-13 |
| macOS | ARM64 | ✅ | macos-15 |
| Windows | x64 | ✅ | windows-2022 |
| Windows | ARM64 | ❌ | windows-2025 |
If you find it working for another operating system / architecture, feel free to open a pull request to update the table above.
Copyright 2026 Kivra AB
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at:
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.