blackroad-os-web/.github/dependabot.yml
Alexa Amundson ffeb3dfc99 🔒 Enable Dependabot security updates
Automatically updates dependencies with security vulnerabilities.

Features:
- 10 package ecosystems covered (npm, pip, docker, etc.)
- Daily checks for critical updates
- Auto-labels PRs with 'dependencies' and 'security'
- Ignores major version updates for stability
- Comprehensive security coverage

Expected Impact:
- Continuous vulnerability detection
- Automated security patches
- Compliance (SOC 2, ISO 27001)
- Proactive security posture

© 2025-2026 BlackRoad OS, Inc.
2026-01-04 16:58:48 -06:00


---
# Dependabot configuration (schema version 2) for this repository.
#
# Each item under `updates` schedules update checks for one package
# ecosystem, looking for manifests under `directory`. On GitHub, Dependabot
# security updates are switched on in the repository's security settings;
# this file shapes the pull requests Dependabot opens.
#
# NOTE(review): every entry points at '/'. Confirm the repository root holds
# a manifest for each ecosystem listed; an entry with nothing to scan adds
# no coverage and may surface as a failed Dependabot run.
#
# NOTE(review): every entry applies both labels, so the 'security' label
# appears on every PR raised from this file. It cannot be used on its own to
# tell a vulnerability fix from a routine version bump during triage.
version: 2
updates:
  # JavaScript / Node.js: checked daily at 03:00 America/Chicago.
  - package-ecosystem: 'npm'
    directory: '/'
    schedule:
      interval: 'daily'
      time: '03:00'
      timezone: 'America/Chicago'
    # Upper bound on simultaneously open version-update PRs for this entry.
    open-pull-requests-limit: 10
    # NOTE(review): GitHub has announced that `reviewers` is being replaced
    # by CODEOWNERS; confirm this key is still honoured before relying on it.
    reviewers:
      - 'blackboxprogramming'
    commit-message:
      prefix: '🔒 [Security]'
      include: 'scope'
    labels:
      - 'dependencies'
      - 'security'
    ignore:
      # Skip semver-major bumps for every npm dependency. This is the only
      # entry with an ignore rule; the other nine still propose majors.
      # NOTE(review): confirm that a fix shipped only in a new major version
      # is still proposed as a security update despite this rule.
      - dependency-name: '*'
        update-types:
          - 'version-update:semver-major'

  # Python: checked daily at 03:00 America/Chicago.
  - package-ecosystem: 'pip'
    directory: '/'
    schedule:
      interval: 'daily'
      time: '03:00'
      timezone: 'America/Chicago'
    open-pull-requests-limit: 10
    labels:
      - 'dependencies'
      - 'security'

  # Docker base images: checked weekly (Monday 03:00), not daily. No
  # timezone is set, so the time is read in Dependabot's default zone.
  - package-ecosystem: 'docker'
    directory: '/'
    schedule:
      interval: 'weekly'
      day: 'monday'
      time: '03:00'
    labels:
      - 'dependencies'
      - 'security'

  # GitHub Actions used by workflows: checked weekly (Monday 03:00), not
  # daily; no timezone is set here either.
  - package-ecosystem: 'github-actions'
    directory: '/'
    schedule:
      interval: 'weekly'
      day: 'monday'
      time: '03:00'
    labels:
      - 'dependencies'
      - 'security'

  # Composer (PHP): daily, with no fixed time or PR limit configured.
  - package-ecosystem: 'composer'
    directory: '/'
    schedule:
      interval: 'daily'
    labels:
      - 'dependencies'
      - 'security'

  # Bundler (Ruby): daily.
  - package-ecosystem: 'bundler'
    directory: '/'
    schedule:
      interval: 'daily'
    labels:
      - 'dependencies'
      - 'security'

  # Gradle (Java): daily.
  - package-ecosystem: 'gradle'
    directory: '/'
    schedule:
      interval: 'daily'
    labels:
      - 'dependencies'
      - 'security'

  # Maven (Java): daily.
  - package-ecosystem: 'maven'
    directory: '/'
    schedule:
      interval: 'daily'
    labels:
      - 'dependencies'
      - 'security'

  # Go modules: daily.
  - package-ecosystem: 'gomod'
    directory: '/'
    schedule:
      interval: 'daily'
    labels:
      - 'dependencies'
      - 'security'

  # Cargo (Rust): daily.
  - package-ecosystem: 'cargo'
    directory: '/'
    schedule:
      interval: 'daily'
    labels:
      - 'dependencies'
      - 'security'