Config Dependabot review workflow on pull requests #230

Open
3 tasks
kyleecodes opened this issue Nov 16, 2023 · 0 comments
Labels
dependencies Pull requests that update a dependency file github-actions GitHub Actions priority: soon Should be prioritized soon.

Comments

@kyleecodes
Member

Overview

We use Dependabot for vulnerability alerts, but this only identifies issues already in our dependencies. It's much better to avoid introducing potential problems than to fix problems at a later date. We can do this using GitHub Action workflows upon developer pull requests.

Action Items

  • Research the resources listed below on how to enact this workflow.
  • Write the workflow and open a PR.
  • Open a test PR to test the new workflow.

Resources

@kyleecodes kyleecodes added the dependencies Pull requests that update a dependency file label Nov 16, 2023
@kyleecodes kyleecodes added this to the 01. Compliance & Security milestone Nov 16, 2023
@chaynHQ chaynHQ deleted a comment from github-actions bot Nov 16, 2023
@kyleecodes kyleecodes changed the title Add new Dependabot review workflow to pull requests Config Dependabot review workflow on pull requests Nov 16, 2023
@kyleecodes kyleecodes added github-actions GitHub Actions priority: soon Should be prioritized soon. labels Dec 27, 2023
@kyleecodes kyleecodes self-assigned this Dec 27, 2023