Add pre-commit dependency scanning via AI coding agents to dependabot#1638
… skill (#4)

* Add pre-commit dependency scanning via AI coding agents section to dependabot SKILL.md
  Agent-Logs-Url: https://github.com/forks-felickz/awesome-copilot/sessions/e53ba56a-f1b4-4c9a-878b-c40ba38ac339
  Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>

* docs(dependabot): split CLI shell vs interactive plugin install steps
  Agent-Logs-Url: https://github.com/forks-felickz/awesome-copilot/sessions/a696f619-7f24-42c5-bd17-5732beb2a26d
  Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>

---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
🔴 Contributor Reputation Check: HIGH risk
Maintainers: please review this contributor before merging.
🔍 Skill Validator Results
Summary
Full validator output:
```text
Found 1 skill(s)
[dependabot] 📊 dependabot: 3,352 BPE tokens [chars/4: 3,363] (standard ~), 45 sections, 26 code blocks
[dependabot] ⚠ Skill is 3,352 BPE tokens (chars/4 estimate: 3,363) — approaching "comprehensive" range where gains diminish.
✅ All checks passed (1 skill(s))
```
Pull request overview
Updates the Dependabot skill documentation to include the newly announced pre-commit dependency vulnerability scanning workflow using the GitHub MCP Server dependabot toolset and the Advanced Security plugin, and refreshes the generated skills index accordingly.
Changes:
- Expanded skills/dependabot frontmatter description to reference pre-commit dependency vulnerability scanning via MCP + the advanced-security@copilot-plugins plugin.
- Added a new “Pre-Commit Dependency Scanning via AI Coding Agents” section with setup steps for Copilot CLI (shell vs interactive) and VS Code, plus an example prompt and announcement link.
- Regenerated docs/README.skills.md to reflect the updated skill description.
| File | Description |
|---|---|
| skills/dependabot/SKILL.md | Adds pre-commit dependency scanning guidance and updates the skill description to reference the Advanced Security plugin. |
| docs/README.skills.md | Updates the dependabot row description in the generated skills index to match the SKILL.md frontmatter. |
Copilot's findings
- Files reviewed: 2/2 changed files
- Comments generated: 0
VeVarunSharma left a comment:
LGTM! Nice work on expanding on the skill/tool set around Dependabot/GHAS :)
Pull Request Checklist
- npm start and verified that README.md is up to date.
- staged branch for this pull request.

Description

Documents the new /dependency-scanning capability announced in the May 2026 changelog, following the same pattern established by the secret-scanning skill in #1156.

Changes:
- description to reference the Advanced Security plugin and pre-commit dependency vulnerability scanning use case
- dependabot MCP toolset checks additions against the GitHub Advisory Database
- copilot --add-github-mcp-toolset dependabot, then /plugin install inside copilot)
- /dependency-scanning command)
- advanced-security plugin wording

Type of Contribution
Additional Notes
Mirrors the structure of skills/secret-scanning/SKILL.md's "Pre-Commit Scanning via AI Coding Agents" section. The docs/README.skills.md was auto-regenerated by npm run build due to the description change. Follow-up review feedback was incorporated to split terminal vs interactive CLI instructions and to standardize plugin terminology.

By submitting this pull request, I confirm that my contribution abides by the Code of Conduct and will be licensed under the MIT License.