Skip to content

feat: enable renovate osv.dev integration#33

Merged
r0binary-sap merged 1 commit intomainfrom
feature/DEVX-393-provide-osv-dev-integration-in-the-org-preset
Jan 27, 2026
Merged

feat: enable renovate osv.dev integration#33
r0binary-sap merged 1 commit intomainfrom
feature/DEVX-393-provide-osv-dev-integration-in-the-org-preset

Conversation

@r0binary-sap
Copy link
Contributor

@r0binary-sap r0binary-sap commented Jan 13, 2026
edited
Loading

WHAT Enable renovate's integration with osv.dev database (alerts + dashboard insights)

WHY Renovate integrates with OSV, an open-source vulnerability database, to check if extracted dependencies have known vulnerabilities. Set osvVulnerabilityAlerts to true to get pull requests with vulnerability fixes (once they are available). You will only get OSV-based vulnerability alerts for direct dependencies.

I tested the configuration here. It shows outdated dependencies and the linked CVEs. The creation of these SECURITY PRs will bypass schedules and pr rate limits according to the renovate docs.

@r0binary-sap r0binary-sap force-pushed the feature/DEVX-393-provide-osv-dev-integration-in-the-org-preset branch 2 times, most recently from d21046c to f166639 Compare January 21, 2026 09:19
@r0binary-sap r0binary-sap marked this pull request as ready for review January 22, 2026 16:27
@r0binary-sap r0binary-sap requested a review from a team as a code owner January 22, 2026 16:27
@r0binary-sap
feat: enable renovate osv.dev integration
c188e1d 
**WHAT**
Enable renovate's integration with osv.dev database (alerts + dashboard insights)

**WHY**
Renovate integrates with OSV, an open-source vulnerability database, to check if extracted dependencies have known vulnerabilities. Set osvVulnerabilityAlerts to true to get pull requests with vulnerability fixes (once they are available). You will only get OSV-based vulnerability alerts for *direct* dependencies.
@r0binary-sap r0binary-sap force-pushed the feature/DEVX-393-provide-osv-dev-integration-in-the-org-preset branch from f166639 to c188e1d Compare January 23, 2026 12:49
@r0binary-sap
Copy link
Contributor Author

r0binary-sap commented Jan 26, 2026
edited
Loading

@r0binary-sap r0binary-sap merged commit eccc5db into main Jan 27, 2026
4 checks passed
@r0binary-sap r0binary-sap deleted the feature/DEVX-393-provide-osv-dev-integration-in-the-org-preset branch January 27, 2026 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timovankissing-leanix timovankissing-leanix timovankissing-leanix approved these changes

@StefanKuerten1234 StefanKuerten1234 Awaiting requested review from StefanKuerten1234 StefanKuerten1234 is a code owner automatically assigned from leanix/team-butterfly

@kostas-petrakis kostas-petrakis Awaiting requested review from kostas-petrakis kostas-petrakis is a code owner automatically assigned from leanix/team-butterfly

@liudmyla-b liudmyla-b Awaiting requested review from liudmyla-b liudmyla-b is a code owner automatically assigned from leanix/team-butterfly

@arjunkohli arjunkohli Awaiting requested review from arjunkohli

@mrabie1337 mrabie1337 Awaiting requested review from mrabie1337

Assignees

No one assigned

Labels

do-not-merge

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@r0binary-sap @timovankissing-leanix