From 4e9622d4b3166a79cafaca7c9224bc7e98c4afee Mon Sep 17 00:00:00 2001 From: Lewis Jones Date: Tue, 29 Jul 2025 12:40:39 +0100 Subject: [PATCH 1/7] Clarify Python autosubmission prerequisites Added note about .python-version file requirement for Python autosubmission. --- ...uring-automatic-dependency-submission-for-your-repository.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md index 946d1d7e4111..903e68858775 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md @@ -104,6 +104,8 @@ The .NET autosubmission action uses the open source [component-detection](https: ### Python projects Python uses the open source [component-detection](https://github.com/microsoft/component-detection/) project as its underlying graph generation engine. The autosubmission action for Python will only run if there is a `requirements.txt` file in the root directory of the repository. Python autosubmission does not currently support private packages; packages referenced in `requirements.txt` which are not publicly available will cause the autosubmission action to fail. +**Note:** This action uses actions/setup-python to install Python. Therefore, you must include a .python-version file in your repository to specify the Python version to be installed. + ## Further reading From 7fb0b652ca3a6ad68750c37905fd88f0fcbe8fbd Mon Sep 17 00:00:00 2001 From: Lewis Jones Date: Tue, 29 Jul 2025 12:46:03 +0100 Subject: [PATCH 2/7] Fix link formatting for Python autosubmission note Updated link format for actions/setup-python in Python section. --- ...uring-automatic-dependency-submission-for-your-repository.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md index 903e68858775..d22672181d8e 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md @@ -104,7 +104,7 @@ The .NET autosubmission action uses the open source [component-detection](https: ### Python projects Python uses the open source [component-detection](https://github.com/microsoft/component-detection/) project as its underlying graph generation engine. The autosubmission action for Python will only run if there is a `requirements.txt` file in the root directory of the repository. Python autosubmission does not currently support private packages; packages referenced in `requirements.txt` which are not publicly available will cause the autosubmission action to fail. -**Note:** This action uses actions/setup-python to install Python. Therefore, you must include a .python-version file in your repository to specify the Python version to be installed. +**Note:** This action uses [actions/setup-python](https://github.com/actions/setup-python) to install Python. Therefore, you must include a .python-version file in your repository to specify the Python version to be installed. ## Further reading From 9ac2fcd38a33adb6ff6cbb68149446a7966d4a40 Mon Sep 17 00:00:00 2001 From: Sharra-writes Date: Tue, 29 Jul 2025 08:56:04 -0700 Subject: [PATCH 3/7] Update content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md --- ...ing-automatic-dependency-submission-for-your-repository.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md index d22672181d8e..402996c23d55 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md @@ -104,7 +104,9 @@ The .NET autosubmission action uses the open source [component-detection](https: ### Python projects Python uses the open source [component-detection](https://github.com/microsoft/component-detection/) project as its underlying graph generation engine. The autosubmission action for Python will only run if there is a `requirements.txt` file in the root directory of the repository. Python autosubmission does not currently support private packages; packages referenced in `requirements.txt` which are not publicly available will cause the autosubmission action to fail. -**Note:** This action uses [actions/setup-python](https://github.com/actions/setup-python) to install Python. Therefore, you must include a .python-version file in your repository to specify the Python version to be installed. + +[!Note] +This action uses [actions/setup-python](https://github.com/actions/setup-python) to install Python. Therefore, you must include a .python-version file in your repository to specify the Python version to be installed. ## Further reading From 3be0d9bd08291ed26c3809f93f68f76af472ae0e Mon Sep 17 00:00:00 2001 From: Sharra-writes Date: Tue, 29 Jul 2025 08:57:21 -0700 Subject: [PATCH 4/7] Update content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md --- ...uring-automatic-dependency-submission-for-your-repository.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md index 402996c23d55..e084cb751270 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md @@ -105,7 +105,7 @@ The .NET autosubmission action uses the open source [component-detection](https: Python uses the open source [component-detection](https://github.com/microsoft/component-detection/) project as its underlying graph generation engine. The autosubmission action for Python will only run if there is a `requirements.txt` file in the root directory of the repository. Python autosubmission does not currently support private packages; packages referenced in `requirements.txt` which are not publicly available will cause the autosubmission action to fail. -[!Note] +> [!Note] This action uses [actions/setup-python](https://github.com/actions/setup-python) to install Python. Therefore, you must include a .python-version file in your repository to specify the Python version to be installed. From fb455fab67d86a07456c1597a616b4e36ba9a7d6 Mon Sep 17 00:00:00 2001 From: Sharra-writes Date: Tue, 29 Jul 2025 08:57:48 -0700 Subject: [PATCH 5/7] Update content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md --- ...uring-automatic-dependency-submission-for-your-repository.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md index e084cb751270..eed6cff45272 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md @@ -106,7 +106,7 @@ The .NET autosubmission action uses the open source [component-detection](https: Python uses the open source [component-detection](https://github.com/microsoft/component-detection/) project as its underlying graph generation engine. The autosubmission action for Python will only run if there is a `requirements.txt` file in the root directory of the repository. Python autosubmission does not currently support private packages; packages referenced in `requirements.txt` which are not publicly available will cause the autosubmission action to fail. > [!Note] -This action uses [actions/setup-python](https://github.com/actions/setup-python) to install Python. Therefore, you must include a .python-version file in your repository to specify the Python version to be installed. +> This action uses [actions/setup-python](https://github.com/actions/setup-python) to install Python. Therefore, you must include a .python-version file in your repository to specify the Python version to be installed. ## Further reading From 37f5b388f9ede3b1b44a0c78439d6ccd733654fa Mon Sep 17 00:00:00 2001 From: Sharra-writes Date: Tue, 29 Jul 2025 10:23:27 -0700 Subject: [PATCH 6/7] Update content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md --- ...uring-automatic-dependency-submission-for-your-repository.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md index eed6cff45272..f4ae9454c952 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md @@ -105,7 +105,7 @@ The .NET autosubmission action uses the open source [component-detection](https: Python uses the open source [component-detection](https://github.com/microsoft/component-detection/) project as its underlying graph generation engine. The autosubmission action for Python will only run if there is a `requirements.txt` file in the root directory of the repository. Python autosubmission does not currently support private packages; packages referenced in `requirements.txt` which are not publicly available will cause the autosubmission action to fail. -> [!Note] +> [!NOTE] > This action uses [actions/setup-python](https://github.com/actions/setup-python) to install Python. Therefore, you must include a .python-version file in your repository to specify the Python version to be installed. From e2c0cad23ed778ee207f4cd970ddf68932180f9c Mon Sep 17 00:00:00 2001 From: Sharra-writes Date: Tue, 29 Jul 2025 10:36:58 -0700 Subject: [PATCH 7/7] Update content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md --- ...uring-automatic-dependency-submission-for-your-repository.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md index f4ae9454c952..b782cd164649 100644 --- a/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md +++ b/content/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-automatic-dependency-submission-for-your-repository.md @@ -106,7 +106,7 @@ The .NET autosubmission action uses the open source [component-detection](https: Python uses the open source [component-detection](https://github.com/microsoft/component-detection/) project as its underlying graph generation engine. The autosubmission action for Python will only run if there is a `requirements.txt` file in the root directory of the repository. Python autosubmission does not currently support private packages; packages referenced in `requirements.txt` which are not publicly available will cause the autosubmission action to fail. > [!NOTE] -> This action uses [actions/setup-python](https://github.com/actions/setup-python) to install Python. Therefore, you must include a .python-version file in your repository to specify the Python version to be installed. +> This action uses [actions/setup-python](https://github.com/actions/setup-python) to install Python. You must include a .python-version file in your repository to specify the Python version to be installed. ## Further reading