Dependabot check in github actions #12345
Unanswered
roisec asked this question in Code Security
Replies: 2 comments
-
Helping find that make sense for you?
0 replies
-
👋🏼 Dependabot security updates work by opening a pull request once a security alert is found. Dependabot does not actively scan your code but rather actively updates your code. Once you are set up using Dependabot security updates, your code will be up to date until a new vulnerability is found. To actively prevent dependencies from entering your codebase, you can check out this new GitHub Action: Dependency Review Action
0 replies
-
Hi,
I tried to figure out how we can block a build by Dependabot with GitHub Actions.
The goal is to scan for security vulnerabilities with Dependabot and block merging.
Does Dependabot support this?