Description
Show Notes
From software composition reports, we know that most applications rely on dozens or even hundreds of open source dependencies. Sometimes, adding a single library to your manifest file can pull in a massive transitive dependency tree. How can we make sure that we stay on top of any known vulnerabilities in those dependencies and update our dependency versions as needed?
In this video, Maya Kaczorowski and Sasha Rosenbaum discuss how Dependabot works behind the scenes to help you identify and remediate known vulnerabilities, and show a demo of the feature.
5:13 - demo: leveraging Dependabot
12:01 - demo continued
Dependabot alerts: https://github.co/security-alerts
Dependabot security updates: https://github.co/security-updates
Maya Kaczorowski:
GitHub - https://github.com/mayakacz
Twitter - https://twitter.com/MayaKaczorowski
Sasha Rosenbaum:
GitHub - https://github.com/DivineOps
Twitter - https://twitter.com/DivineOps
As always, feel free to leave us a comment below and don't forget to subscribe: http://bit.ly/subgithub
Thanks!
Connect with us:
Facebook: http://fb.com/github
Twitter: http://twitter.com/github
LinkedIn: http://linkedin.com/company/github
About GitHub
GitHub is the best place to share code with friends, co-workers, classmates, and complete strangers. Millions of people use GitHub to build amazing things together. For more info, go to http://github.com