What does this change?
This PR sends your sbt dependencies to GitHub for vulnerability monitoring via Dependabot.
Why?
If a repository is in production, we need to track its third-party dependencies for vulnerabilities. Historically, we have done this using Snyk, but we are now moving to GitHub’s native Dependabot. Scala is not a language that Dependabot supports out of the box; this workflow is required to make it happen. As a result, we have raised this PR on your behalf to add it to the Dependency Graph.
How has it been verified?
We have tested this workflow, and the process of raising a PR on DevX repos, and have verified that it works. However, we have included some instructions below to help you verify that it works for you. Please do not hesitate to contact DevX Security if you have any questions or concerns.
What do I need to do?
[ ] A run of this action should have been triggered when the branch was created. Go to Insights -> Dependency graph and sense check a few of your dependencies to make sure they show up. There may be a short delay between submission and them appearing in the UI.
[ ] When you are happy the action works, remove the branch name sbt-dependency-graph-c60e0dd3e8578618 trigger from the yaml file (aka delete line 6), approve, and merge.