Dependabot is an independent security scanning tool which mostly focuses on evaluating the dependency chain. Having the dependabot.yml file on the main branch would enable the bot to test the dependencies daily.
# Basic test trying dependabot

version: 2
updates:

  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"

  # Maintain dependencies for npm
  - package-ecosystem: "gomod"
    directory: "/"
    schedule:
      interval: "daily"
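Review bot: the comment "# Maintain dependencies for npm" above the second entry does not match its package-ecosystem: "gomod" value, so a reader cannot tell which ecosystem was intended. If Go modules is correct, change the comment to say so; if npm was meant, change the ecosystem value instead. Both entries point at directory: "/", so it is also worth confirming that a go.mod file actually lives at the repository root, and that this file is committed as .github/dependabot.yml, since that is the path Dependabot reads on the default branch.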