Skip to content

Change suggested to add Dependabot config for a subfolder even though that exists already #2250

New issue
New issue
Open
#2263
Open
Change suggested to add Dependabot config for a subfolder even though that exists already#2250
#2263
@afranken

Description

@afranken
afranken
opened on Jul 19, 2023

See https://github.com/adobe/S3Mock/pull/1235/files

The dependabot action already configures:

  - package-ecosystem: "docker"
    # Look for `Dockerfile` in the `/docker` directory, that's where all versions are managed
    directory: "/docker/"
    # Open up to 10 PRs per run
    open-pull-requests-limit: 10
    # Add assignees
    assignees:
      - "afranken"
    # Check for updates once per day, Github defaults to random time every day.
    schedule:
      interval: "daily"

step security recommends to add:

  - package-ecosystem: docker
    directory: /docker
    schedule:
      interval: daily

I'm guessing it may be the quotes that throw off the scan, but more likely it's the trailing slash in the directory name?
Step security does not recommend to add configuration for the other package-ecosystem configs, and they contain quotes too.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions