
Maintenance: Enable dependabot to repository #316

@hjgraca

Description


Summary

Enabling Dependabot for the repository. This will give us a better understanding of dependency security vulnerabilities and keep us up to date with the latest versions.

View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "About Dependabot alerts" and "About Dependabot security updates."

Why is this needed?

Supply chain security and updates.
Dependabot alerts tell you that your code depends on a package that is insecure.

Dependabot consists of three different features that help you manage your dependencies:

Dependabot alerts—inform you about vulnerabilities in the dependencies that you use in your repository.
Dependabot security updates—automatically raise pull requests to update the dependencies you use that have known security vulnerabilities.
Dependabot version updates—automatically raise pull requests to keep your dependencies up-to-date.

How to enable
https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide#enabling-dependabot-for-your-repository
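Dependabot alerts and security updates are switched on in the repository settings as the linked guide describes, but version updates need a `.github/dependabot.yml` file checked in. The file below is an added example of such a configuration and is not part of this issue or the repository; the `nuget` ecosystem, the `dependencies` label and the weekly cadence are assumptions to be replaced with whatever the repository actually uses.

```yaml
# .github/dependabot.yml
# Added example configuration (not the repository's own file).
# The application ecosystem below is an assumption; swap "nuget" for the
# ecosystem the repository really uses (npm, pip, gomod, maven, ...).
version: 2
updates:
  # Keep GitHub Actions workflows pinned to current action releases so that
  # CI itself does not drift onto vulnerable or yanked action versions.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
    open-pull-requests-limit: 5

  # Application dependencies (ecosystem is a placeholder assumption).
  - package-ecosystem: "nuget"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    labels:
      - "dependencies"
    # Batch minor and patch bumps into a single pull request to reduce review
    # noise; security updates for vulnerable packages are still raised on
    # their own regardless of grouping.
    groups:
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"
    commit-message:
      prefix: "chore(deps)"
    open-pull-requests-limit: 10
```

Once the file is on the default branch, the Dependabot tab under Insights shows the last run and any parse errors; a wrong `package-ecosystem` or `directory` value fails there rather than silently doing nothing, so that is the first place to check after enabling.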

Which area does this relate to?

Governance

Solution

No response

Acknowledgment

Labels: internal, Maintenance changes

Status: In review
