A Github action to submit the dependency graph of an sbt build to the Github Dependency submission API.

Before running the workflow, make sure that the Dependency Graph feature is enabled in the settings of your repository (Settings > Code Security and Analysis). The graph of your sbt build will be visible in the Dependency Graph page of the Insights tab.

Enable Dependabot in your project settings to receive alerts for vulnerabilities that affect your sbt project.

Any sbt project whose sbt version is equal to or greater than 1.3.

Create a Github Action file under .github/workflows containing the following definition.

# .github/workflows/dependency-graph.yml
name: Update Dependency Graph
on:
  push:
    branches:
      - main # default branch of the project
jobs:
  dependency-graph:
    name: Update Dependency Graph
    runs-on: ubuntu-latest # or windows-latest, or macOS-latest
    permissions:
      contents: write # this permission is needed to submit the dependency graph
    steps:
      - uses: actions/checkout@v3
      - uses: scalacenter/sbt-dependency-submission@v1

The relative path of the working directory of your sbt build. Default value is .

A list of space-separated names of modules to ignore. The action will not resolve nor submit the dependencies of these modules. The name of a module contains the name of the project and its binary version. Example: foo_2.13 bar_2.13

In this example the snapshot will not contain the graphs of foo_2.13 and bar_3.

steps:
  - uses: actions/checkout@v3
  - uses: scalacenter/sbt-dependency-submission@v1
    with:
      base-dir: ./my-scala-project
      projects: foo_2.13 bar_3

This error happens when the Dependency Graph feature is disabled. You can enable it in Settings > Code Security and Analysis.