Difference between revisions of "GitHub dependabot"
Jump to navigation
Jump to search
↑ https://github.blog/2019-05-23-introducing-new-ways-to-keep-your-code-secure/
↑ https://github.blog/2020-09-30-code-scanning-is-now-available/
(5 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
* Configuration: <code>[[.github/]][[dependabot.yml]]</code> | * Configuration: <code>[[.github/]][[dependabot.yml]]</code> | ||
* Dependabot options in [[Code security and analysis]]: | * Dependabot options in [[Code security and analysis]]: | ||
− | + | {{Dependabot options TOC}} | |
− | + | ||
− | |||
− | |||
− | |||
− | |||
== Changelog == | == Changelog == | ||
Line 26: | Line 22: | ||
* [[Amazon Inspector]] ([[AWS timeline|Oct 2015]]) | * [[Amazon Inspector]] ([[AWS timeline|Oct 2015]]) | ||
* <code>[[npm audit]]</code> | * <code>[[npm audit]]</code> | ||
− | * [[GitHub Advanced Security]] include [[code scanning]] alerts | + | * [[GitHub Advanced Security (GHAS)]] include [[code scanning]] alerts |
* [[Renovate]] bot | * [[Renovate]] bot | ||
+ | * [[ECR scanning]] | ||
+ | * [[Docker Scout]] | ||
+ | * [[Container scanning]] | ||
+ | * [[Grype]] | ||
== See also == | == See also == |
Latest revision as of 10:02, 8 November 2024
wikipedia:Dependabot (May 2019) automated dependency updates built into GitHub since May 2019.[1]
- Homepage: https://github.com/dependabot
- Configuration:
.github/dependabot.yml
- Dependabot options in Code security and analysis:
Contents
Changelog[edit]
- Feb 2022 https://github.blog/2022-02-08-improving-developer-experience-dependabot-alerts/
- Dependabot version updates https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/
Activities[edit]
- https://stackoverflow.com/questions/tagged/dependabot?tab=Votes
- Review Automerge: https://stackoverflow.com/questions/64116781/how-do-i-automerge-dependabot-updates-config-version-2
if: ${{ github.actor == 'dependabot[bot]' }}
Related[edit]
- Dependabot alerts
- GitHub security: GitHub code scanning (Sep 2020 [2])
- Semantic Versioning (semver)
- Amazon Inspector (Oct 2015)
npm audit
- GitHub Advanced Security (GHAS) include code scanning alerts
- Renovate bot
- ECR scanning
- Docker Scout
- Container scanning
- Grype
See also[edit]
- GitHub Dependabot, Dependabot alerts,
.github/dependabot.yml
- GitHub security, GitHub Advanced Security (GHAS), GitHub Security Advisory (GHSA), GitHub code scanning, GitHub dependabot, secret scanning, SECURITY.md
- Bot, Bad Bots, Renovate bot, Dependabot, Cloudflare Bot fight mode, ClaudeBot
Advertising: