Dependabot: automated dependency and GitHub Actions updates #75

@mwaldheim

Goal

Keep dependencies up-to-date automatically — required by OpenSSF Scorecard 'Dependency-Update-Tool' check.

Tasks

  • .github/dependabot.yml for Go modules (weekly)
  • .github/dependabot.yml for GitHub Actions (weekly)
  • Auto-merge Dependabot PRs for patch updates (with passing CI)
  • Group minor/patch updates to reduce PR noise
  • Set reviewers to CODEOWNERS for major updates
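
A sketch of a `.github/dependabot.yml` covering the Go modules, GitHub Actions and grouping tasks above, as an added example that is not part of the original issue or the project's own configuration. It assumes `go.mod` sits at the repository root; the group names are hypothetical.

```yaml
# Added example: assumes go.mod is in the repository root.
# Group names (go-minor-patch, actions-minor-patch) are hypothetical.
version: 2
updates:
  # Go module dependencies, checked weekly.
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      # Minor and patch bumps are batched into one PR to reduce noise.
      # Major bumps match no group, so each one arrives as its own PR
      # and can be reviewed individually.
      go-minor-patch:
        patterns:
          - "*"
        update-types:
          - "minor"
          - "patch"

  # Actions referenced by workflows under .github/workflows, checked weekly.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      actions-minor-patch:
        patterns:
          - "*"
        update-types:
          - "minor"
          - "patch"
```

Auto-merge of patch updates and review routing for major updates are not expressed in this file and need separate repository settings or workflows.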

Labels

  • area: ci (CI/CD & GitHub Actions)
  • area: cncf (CNCF compliance, governance and supply chain security)
  • priority: medium (Medium priority)
  • type: chore (Maintenance / scaffolding)
