Closed phoinixgrr closed 5 months ago
@phoinixgrr Are we able to enable the general dependabot security checks as shown here?
https://github.com/mattermost-community/mattermost-plugin-confluence/security
This is enabled for other repos like https://github.com/mattermost/mattermost-plugin-jira/security
Atm the PRs that dependabot creates for this repo are just for Go dependencies, as configured in this PR. We also want to have it create updates for npm dependencies, which is covered by the general dependabot system. Having that enabled also allows us to browse the open security issues to triage and handle or dismiss them.
I recommend reviewing the security-related alerts from Dependabot with the Security Team.
For the npm dependencies, please configure Dependabot according to the project's needs. If you require any assistance with this, don't hesitate to let us know! 🚀
Enabling dependabot
Ticket: https://mattermost.atlassian.net/browse/CLD-7732