From 180a5d290d86878a56c3db8e46728d3f0ac8e4d9 Mon Sep 17 00:00:00 2001 From: Alan Forbes Date: Thu, 16 May 2024 14:28:05 +0100 Subject: [PATCH] [CP-Sec] dependabot.yml for CI Docker and Github Actions --- .github/dependabot.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..23007b4 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,23 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: +# Enable version updates for Docker + - package-ecosystem: "docker" + # Look for a `Dockerfile` in the `ci` directory + directory: "/ci" + # Check for updates once a week + schedule: + interval: "weekly" +# Enable version updates for Github Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + groups: + github-actions: + patterns: + - "*"