I've been exploring using the `anchore/sbom-action` but have a scenario that would require exposing this input.

When using the action with a GitHub matrix to generate SBOMs for multiple images for submitting to the GitHub dependency API, the `correlator` is getting set to `${workflow}_${job}`. I can't see a way to make this different between matrix runs so it is set to the same value for both. GitHub docs seem to suggest the following:

> If you're using a build matrix, then you'll also need to add additional key(s) to distinguish between each submission inside a matrix variation.
Many apologies for the delay responding here. I believe since there is already a call to `core.getInput("dependency-snapshot-correlator")`, that input should work but will probably produce a warning. We could add this to the exposed parameters, but if a user is running this action in a matrix build, it is also required to set the `artifact-name`. Should we just use this for the correlator instead?
It appears the code already supports an input of `dependency-snapshot-correlator`: https://github.com/anchore/sbom-action/blob/main/src/github/SyftGithubAction.ts#L449

Is it possible to expose this as an input to the action?
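A matrix workflow illustrating the setup discussed in this thread, added here as an example and not taken from the issue or from the project's documentation. The workflow name, matrix entries and image references are placeholders, and passing `dependency-snapshot-correlator` relies on the behaviour described in the reply above (the action reads it with `core.getInput` even though it is not a declared input).

```yaml
# Added example: workflow name, matrix entries and images are placeholders.
name: sbom
on:
  push:
    branches: [main]

permissions:
  contents: write   # the dependency submission API needs write access to contents

jobs:
  sbom:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        include:
          - name: api
            image: ghcr.io/example-org/api:latest      # placeholder image
          - name: worker
            image: ghcr.io/example-org/worker:latest   # placeholder image
    steps:
      - uses: anchore/sbom-action@v0
        with:
          image: ${{ matrix.image }}
          # The thread notes artifact-name has to be set in a matrix build.
          artifact-name: sbom-${{ matrix.name }}.spdx.json
          dependency-snapshot: true
          # Default correlator is "${workflow}_${job}", identical for every
          # matrix leg. Appending a matrix key makes each submission distinct.
          # Assumption: the undeclared input is honoured, possibly with an
          # "unexpected input" warning from the runner.
          dependency-snapshot-correlator: ${{ github.workflow }}_${{ github.job }}_${{ matrix.name }}
```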