cli
cli copied to clipboard
dependabot
A tool for testing and debugging Dependabot update jobs.
Bumps the docker group with 3 updates in the / directory: [github.com/docker/cli](https://github.com/docker/cli), [github.com/docker/docker](https://github.com/docker/docker) and [github.com/moby/moby](https://github.com/moby/moby). Updates `github.com/docker/cli` from 25.0.4+incompatible to 26.1.1+incompatible Commits 4cf5afa Merge pull request #5047 from vvoland/v26.1-5038 6c2b06d...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Would it be possible to run dependabot CLI / dependabot-core without Docker? Maybe there is good reasoning behind the usage of Docker but I find it very "heavy" and complex...
Now that the updater container images are signed as part of https://github.com/dependabot/dependabot-core/issues/9546, we need to verify those signatures when using those container images. This change allows us to verify that...
Once https://github.com/dependabot/dependabot-core/issues/9546 is completed for production images, we should verify the container image signatures. This can be done with [`cosign`][1]. See sigstore's documentation on signature verification for information[^1], though we...
Docker has a new experimental feature: [air-gapped containers](https://docs.docker.com/desktop/hardened-desktop/settings-management/air-gapped-containers/) This could be useful to simplify how the CLI runs an update. Currently it creates a Docker network so the Updater image...
By default the CLI starts a fake API server which intercepts calls to a real API which allows the CLI to print output to stdout or a file. Unfortunately on...
I'd like to have an easy command to run updates locally, such that the local files are updated as if all resulting dependabot PRs were merged. This might look like...
Use case: my dependabot.yml config isn't doing quite what I expected, so I'd love to be able to run that locally against my local branch to test out the effect...
When dependabot runs in GitHub Actions, it seems to work without access to private registries. How can I get that functionality from dependabot/cli? When it hits a private registry and...
Discrepancies with Dependabot running in Github Actions vs running dependabot/cli have been a pain point in our integrating dependabot consistently for scanning our projects. For example, dependabot/cli uses a job.yaml...
Metadata
Owner
Metadata
A tool for testing and debugging Dependabot update jobs.