Enables Dependabot & Security Scan #57

soenkeliebau · 2021-02-18T08:39:32Z

Addes config to run Dependabot daily and perform a scan for known security issues in dependencies for each pr.

lfrancke · 2021-02-18T10:48:28Z

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2


You could also add github actions like in operator-rs: https://github.com/stackabletech/operator-rs/blob/main/.github/dependabot.yml

soenkeliebau added 4 commits February 18, 2021 09:12

Enable Dependabot

43d3c5e

Enable security audit

9d9acf0

Removed unneeded whitespace

7c1b8a7

Reverted changes that were accidentally included in a commit.

4c54c46

project-bot bot added this to In progress in Stackable Feb 18, 2021

soenkeliebau added 3 commits February 18, 2021 09:58

Updated dependency to avoid nagging security audit.

2cf9f3b

Added daily security audit to scan for new issues in our dependencies.

d618bc8

Added ability to manually run security audit.

89c826e

soenkeliebau requested a review from lfrancke February 18, 2021 10:10

lfrancke self-assigned this Feb 18, 2021

lfrancke previously approved these changes Feb 18, 2021

View reviewed changes

Stackable automation moved this from In progress to To be merged Feb 18, 2021

soenkeliebau added 2 commits February 18, 2021 11:59

Merge branch 'main' into dependabot

95b61dd

Merged main & added action to check for new versions of github actions.

d6fe76e

soenkeliebau dismissed lfrancke’s stale review via d6fe76e February 18, 2021 11:00

Stackable automation moved this from To be merged to Review in progress Feb 18, 2021

lfrancke self-requested a review February 18, 2021 11:06

Stackable automation moved this from Review in progress to To be merged Feb 18, 2021

lfrancke approved these changes Feb 18, 2021

View reviewed changes

soenkeliebau merged commit fd39354 into main Feb 18, 2021

Stackable automation moved this from To be merged to Done Feb 18, 2021

soenkeliebau deleted the dependabot branch February 18, 2021 11:09

Provide feedback