feat: implement Dependabot security update tools

Open smadi0x86 opened this issue 8 months ago • 0 comments

Closes: #176

Description

This PR implements tools for managing Dependabot security updates in repositories. The implementation includes:

  1. GetSecuritySettings - Retrieves security settings for a repository
  2. UpdateSecuritySettings - Updates security settings for a repository
  3. GetDependabotSecurityUpdatesStatus - Checks if Dependabot security updates are enabled

Implementation Details

During implementation, I encountered an issue with GitHub's API behavior:

  • Public repositories should have Dependabot alerts enabled by default
  • However, the API still requires explicit enabling of vulnerability alerts
  • This creates a confusing user experience where the system says one thing but behaves differently

As a result, I've:

  1. Implemented the core functionality for managing security settings
  2. Documented the API behavior discrepancy in the code
  3. Commented out the EnableDependabotSecurityUpdates and DisableDependabotSecurityUpdates tools for future investigation.

smadi0x86, Apr 08 '25 14:04
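
The API behaviour described under "Implementation Details", as an added example that is not code from this PR or from github-mcp-server: a status check that keeps "alerts not explicitly enabled on a public repository" separate from "disabled", and reports "unknown" when the API withholds the field. It assumes GitHub's REST endpoints `GET /repos/{owner}/{repo}` and `GET /repos/{owner}/{repo}/vulnerability-alerts`; the helper name `dependabotState`, its state strings and the sample JSON are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// repo is the subset of GET /repos/{owner}/{repo} needed here.
// security_and_analysis is a pointer because the API can omit it.
type repo struct {
	Private             bool `json:"private"`
	SecurityAndAnalysis *struct {
		DependabotSecurityUpdates *struct {
			Status string `json:"status"`
		} `json:"dependabot_security_updates"`
	} `json:"security_and_analysis"`
}

// dependabotState (hypothetical helper) combines the repository payload with
// the HTTP status of GET /repos/{owner}/{repo}/vulnerability-alerts
// (204 = alerts enabled, 404 = not enabled or not visible to the caller).
func dependabotState(repoJSON []byte, alertsStatus int) (string, error) {
	var r repo
	if err := json.Unmarshal(repoJSON, &r); err != nil {
		return "", fmt.Errorf("decode repository: %w", err)
	}
	if alertsStatus != 204 && alertsStatus != 404 {
		return "", fmt.Errorf("unexpected vulnerability-alerts status %d", alertsStatus)
	}
	alerts := alertsStatus == 204
	sa := r.SecurityAndAnalysis
	if sa == nil || sa.DependabotSecurityUpdates == nil {
		return "unknown", nil // field withheld: do not report "disabled"
	}
	updates := sa.DependabotSecurityUpdates.Status == "enabled"
	switch {
	case updates && alerts:
		return "enabled", nil
	case updates:
		return "inconsistent", nil // updates reported on, alerts off
	case !alerts && !r.Private:
		return "public-alerts-not-enabled", nil // the case the PR describes
	}
	return "disabled", nil
}

func main() {
	// Constructed sample payload, not captured from a real repository.
	sample := []byte(`{"private":false,"security_and_analysis":{"dependabot_security_updates":{"status":"disabled"}}}`)
	fmt.Println(dependabotState(sample, 404))
}
```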