dependabot / cli

A tool for testing and debugging Dependabot update jobs.
MIT License
251 stars 38 forks

Slow scanning taking over an hour #282

Closed sblatnick closed 5 months ago

sblatnick commented 9 months ago

We run dependabot two different ways against the same code bases:

  1. dependabot/cli (for finding vulnerabilities before alerts are created in testing)
  2. GitHub Actions (for creating the alerts for our staging environment)

Various projects of various languages that consume our Jenkins pipeline logic (shared library) have observed that dependabot/cli can take over an hour to complete, while seemingly GitHub Actions creates the alerts within a few minutes.

I am not sure what I could provide you to troubleshoot this, nor do I know if GitHub Actions allows me to see how long they took to execute.

If you need any details or examples, please reach out to me privately since these projects are part of an Enterprise GitHub Organization. Also, @lindluni (Senior DevOps Engineer at GitHub) may be able to relay information.

jeffwidman commented 5 months ago

This is an interesting observation/question/problem.

However, it's not about the open source aspects of the cli (this repo) and is much more about some closed-source things in GitHub (how we run Dependabot on Actions for example). This is definitely a better fit for a support ticket, especially since you're part of an Enterprise GitHub Organization. Please file one and you're welcome to link back to this issue saying I told you to create one.