I would like us to consider as a team where and how Dependabot would be useful for us as an org.
We need to consider: what repos to add it to, which languages we want to support or exclude, what security alerts we want, do we want to use library compatibility score features, and if we want to send alerts to a Slack channel.
I also assume that Automated Dependency Update is a no for our applications. As Dependabot can grow in complexity quickly, I suggest using it in the simplest way possible and gradually increasing capabilities.
I would like to hear from everyone interested what their wish list for this would be, and feel free to add other contributors to this discussion.
I am adding a number of you to the Assignees but this is not a task assignment.