Skip to content

Commit

Permalink
Add a config for dependabot alerts
Browse files Browse the repository at this point in the history 
Summary:
Added explicit configuration for dependabot. We already use it to be
alerted when CVEs are reported but don't use PRs created by dependabot to
mitigate at the moment.

Test Plan: N/A Just some tooling configs

Reviewers: michelle, zasgar

Reviewed By: zasgar

Signed-off-by: Vihang Mehta <vihang@pixielabs.ai>

Differential Revision: https://phab.corp.pixielabs.ai/D11378

GitOrigin-RevId: c86d8c2
  • Loading branch information
@vihangm @copybaranaut
vihangm authored and copybaranaut committed May 5, 2022
1 parent cf112a2 commit 81f3977
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
---
version: 2
updates:
- package-ecosystem: "npm"
directory: "/src/ui"
schedule:
interval: "daily"
# Alert but don't open PRs
open-pull-requests-limit: 0
- package-ecosystem: "gomod"
directory: "/"
schedule:
interval: "daily"
# Alert but don't open PRs
open-pull-requests-limit: 0

0 comments on commit 81f3977

Please sign in to comment.