GitHub dependabot
Jump to navigation
Jump to search
↑ https://github.blog/2019-05-23-introducing-new-ways-to-keep-your-code-secure/
↑ https://github.blog/2020-09-30-code-scanning-is-now-available/
wikipedia:Dependabot (May 2019) automated dependency updates built into GitHub since May 2019.[1]
- Homepage: https://github.com/dependabot
- Configuration:
.github/dependabot.yml
- Dependabot options in Code security and analysis:
Contents
Changelog[edit]
- Feb 2022 https://github.blog/2022-02-08-improving-developer-experience-dependabot-alerts/
- Dependabot version updates https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/
Activities[edit]
- https://stackoverflow.com/questions/tagged/dependabot?tab=Votes
- Review Automerge: https://stackoverflow.com/questions/64116781/how-do-i-automerge-dependabot-updates-config-version-2
if: ${{ github.actor == 'dependabot[bot]' }}
Related[edit]
- Dependabot alerts
- GitHub security: GitHub code scanning (Sep 2020 [2])
- Semantic Versioning (semver)
- Amazon Inspector (Oct 2015)
npm audit
- GitHub Advanced Security (GHAS) include code scanning alerts
- Renovate bot
- ECR scanning
- Docker Scout
- Container scanning
- Grype
See also[edit]
- GitHub Dependabot, Dependabot alerts,
.github/dependabot.yml
- GitHub security, GitHub Advanced Security (GHAS), GitHub Security Advisory (GHSA), GitHub code scanning, GitHub dependabot, secret scanning, SECURITY.md
- Bot, Bad Bots, Renovate bot, Dependabot, Cloudflare Bot fight mode, ClaudeBot, meta-externalagent
Advertising: