Add include-unused-deps input

[saramaebee]

Summary

• Adds a new include-unused-deps boolean input that forwards --include-unused-deps to fossa analyze, matching the corresponding flag in fossa-cli.
• Flag is applied only to fossa analyze (not fossa test, fossa report, or container scans).
• Documented in README and rebuilt dist/.

Test plan

• CI passes
• Manually verify include-unused-deps: true causes the action to pass --include-unused-deps to fossa analyze
• Manually verify default (false) is a no-op

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: af0d2f09-a1ae-4a2a-b54a-e0b2cd867ec8

📥 Commits

Reviewing files that changed from the base of the PR and between 29693cc and 823b1b3.

⛔ Files ignored due to path filters (2)

• dist/index.js is excluded by !**/dist/**
• dist/index.js.map is excluded by !**/dist/**, !**/*.map

📒 Files selected for processing (4)

• README.md
• action.yml
• src/config.ts
• src/index.ts

---

Walkthrough

This PR adds a new optional include-unused-deps input to the FOSSA GitHub Action. The input declaration in action.yml is wired through src/config.ts as an exported constant, then used in src/index.ts to conditionally pass the --include-unused-deps flag to fossa analyze when the feature is enabled and container mode is not active. The README documents the new input with constraints and example configuration.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description covers the feature summary and test plan but is missing the required checklist items about running yarn build and adding test workflow examples.	Complete the checklist by confirming yarn build was run and dist/ was committed, and document any test workflow additions or explain why none were added.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change—adding a new action input for include-unused-deps support.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cmboling]

lgtm!