Skip to content

RomaniukNatalia/skills-secure-repository-supply-chain

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Secure your repository's supply chain

Secure your supply chain, understand dependencies in your environment, know about vulnerabilities in those dependencies and patch them.

Step 3: Enable and trigger Dependabot security updates

Nice work enabling, viewing, and creating Dependabot alerts ✨

Enabling Dependabot alerts on our repository was a great step toward improving our code security, but we still had to manually select an alert and then manually select the option to create the pull request. It would be nice to further improve the automation and maintenance of our dependencies! Well, with Dependabot security updates, we can do just that.

What are Dependabot security updates?: When this feature is enabled, Dependabot detects and fixes vulnerable dependencies for you by opening pull requests automatically to resolve Dependabot alerts.

We manually created a pull request to fix the "Prototype Pollution in minimist" alert, but let's enable Dependabot security updates to automate this process for future alerts!

⌨️ Activity 3.1: Enable and trigger Dependabot security updates

  1. Navigate to the Settings tab and select Code security and analysis.
  2. Enable Dependabot security updates. You may need to wait 30-60 seconds before you see any new pull requests.
  3. Navigate to the Pull requests repository tab and select the newly created pull request that updates axios from version 0.21.1 to a patched version.
  4. Review and merge the pull request.

Wait about 20 seconds then refresh this page (the one you're following instructions from). GitHub Actions will automatically update this page to display the next step.


Get help: Post in our discussion boardReview the GitHub status page

© 2024 GitHub • Code of ConductMIT License

About

Secure your supply chain, understand dependencies in your environment, know about vulnerabilities in those dependencies and patch them

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •