DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

Auto-Upgrader - like Maven's "versions" plugin, but with extra run-a-build and do-a-commit steps #1272

Open paul-hammant opened 3 years ago

paul-hammant commented 3 years ago

Current Behavior:

Technology shows what upgrades could be made to deps.

Proposed Behavior:

Technology attempts to upgrade one dependency at a time, in cloud/CI time, then run a build, then propose a pull request if the build is successful.

To break that down:

  1. Dependency-track would attempt to upgrade in a cloned dir like Maven's versions plugin: https://www.mojohaus.org/versions-maven-plugin

  2. Dependency-track would attempt to run a build and if successful to do a commit then make a pull-request

sephiroth-j commented 2 years ago

Sounds like Dependabot or renovatebot to me. Renovate can be self-hosted.

syalioune commented 1 year ago

Dependabot is currently implemented. I believe this issue can be closed.