- In your GitHub repository, navigate to the "Settings" tab.
- Scroll down to the "Security" section.
- Click on "Advanced Security".
- Find & enable "Dependency graph".
- Under, "Dependabot", enable the "Dependabot alerts" option.
To enable automatic dependency updates with Dependabot:
*** Ensure that either "Dependabot security updates" or "Dependabot version updates" is enabled.
- "Dependabot security updates" will automatically update dependencies with known vulnerabilities.
- "Dependabot version updates" will automatically update dependencies to the latest versions.
- Create a
.githubdirectory in the root of your repository if it does not exist. - Inside
.github, create a file nameddependabot.ymlwith the following content: - Add the following configuration to the file:
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
- package-ecosystem: nuget # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: daily