Skip to content

Migrate GitHub Actions updates from TSCCR to Dependabot #461

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Migrate GitHub Actions updates from TSCCR to Dependabot #461

wants to merge 2 commits into from

Conversation

nodyhub
Copy link

@nodyhub nodyhub commented May 22, 2025

This repository previously had GitHub Actions updates managed through the TSCCR automation system. As TSCCR is no longer being maintained, responsibility for managing GitHub Actions updates now falls to the repository's owners.

This PR enhances your Dependabot configuration by adding the GitHub Actions ecosystem. The configuration is aligned with the previous TSCCR automation approach and will ensure your GitHub Actions continue to receive important updates.

Please note that this is a one-time configuration change. After merging, Dependabot will automatically manage GitHub Actions updates according to the specified schedule.

For additional information, please refer to Memo SEC-032. If you have any questions, the #team-prodsec team in Slack would be happy to help.

Compliance remark
The work is tracked by @hashicorp/team-prodsec in PSP-2640

@nodyhub nodyhub requested a review from a team as a code owner May 22, 2025 07:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anubhav-goel anubhav-goel anubhav-goel approved these changes

Assignees
No one assigned
Labels
dependapatch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nodyhub @anubhav-goel