From 779489bff8a0ff39fe6d40dbd8af4d363c09bcf7 Mon Sep 17 00:00:00 2001
From: Louis Bergelson <louisb@broadinstitute.org>
Date: Wed, 16 Oct 2024 00:33:46 -0400
Subject: [PATCH] Add dependency submission workflow to monitor vulnerabilities
 (#9002)

* Adds a new github actions workflow to submit our dependencies for analysis
---
 .github/workflows/dependency_submission.yml | 22 +++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/workflows/dependency_submission.yml

diff --git a/.github/workflows/dependency_submission.yml b/.github/workflows/dependency_submission.yml
new file mode 100644
index 00000000000..3103492f769
--- /dev/null
+++ b/.github/workflows/dependency_submission.yml
@@ -0,0 +1,22 @@
+name: Dependency Submission
+
+on:
+  push:
+    branches: [ 'master' ]
+
+permissions:
+  contents: write
+
+jobs:
+  dependency-submission:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'temurin'
+        java-version: 17
+    - name: Generate and submit dependency graph
+      uses: gradle/actions/dependency-submission@v4