Feature request: Ability to turn dependabot on/off per language #11204
Unanswered. caleb15 asked this question in Code Security.
-
This should be possible using the |
-
Does that work for security alerts too or just dependency updates?
…On Wed, Feb 9, 2022, 12:11 PM Victoria Fawcett ***@***.***> wrote:
This should be possible using the package-ecosystem setting in your
dependabot.yml. See the Configuration options for dependency updates docs
***@***.***/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#configuration-options-for-updates>
and let me know if that gives you trouble
-
A user might want to turn Dependabot off for a certain language in a specific repo. For example, JavaScript generates many false positives due to alerts warning about code that would be vulnerable in the backend but is fine in the frontend. Or maybe they already have security scanning in CI or elsewhere for that language.