| title: REST API endpoints for dependency submission | |
| shortTitle: Dependency submission | |
| allowTitleToDifferFromFilename: true | |
| intro: Use the REST API to submit dependencies. | |
| versions: | |
| fpt: '*' | |
| ghec: '*' | |
| ghes: '*' | |
| autogenerated: rest | |
| ## About dependency submissions | |
| {% data reusables.dependency-submission.about-dependency-submission %} | |
| You can submit dependencies in the form of a snapshot. A snapshot is a set of dependencies associated with a commit SHA and other metadata, that reflects the current state of your repository for a commit. You can choose to use pre-made actions or create your own actions to submit your dependencies in the required format each time your project is built. For more information, see [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api). | |
| You can submit multiple sets of dependencies to be included in your dependency graph. The REST API uses the `job.correlator` property and the `detector.name` category of the snapshot to ensure the latest submissions for each workflow get shown. The `correlator` property itself is the primary field you will use to keep independent submissions distinct. An example `correlator` could be a simple combination of two variables available in actions runs: `<GITHUB_WORKFLOW> <GITHUB_JOB>`. | |
| {% data reusables.dependency-graph.deduplication %} | |
| <!-- Content after this section is automatically generated --> | |