openfl
Create dependabot.yml config to only scan core dependencies
By default, Dependabot scans all Python dependencies and requirements.txt files in the repository. ~95% of these are for examples, which trigger false positives for vulnerable packages that have low potential for exploit. Dependabot should only scan the following for vulnerable dependencies:
- setup.py
- requirements-linters.txt
- requirements-test.txt
- docs/requirements-docs.txt
- openfl-tutorials/experimental/requirements_workflow_interface.txt
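
A possible `.github/dependabot.yml` for the scope listed above, as an added example that is not the openfl project's own configuration. Dependabot is configured per directory rather than per file, so the entries name the three directories that hold the five listed files, and any other pip manifest in those same directories would be read as well; the weekly schedule is an assumption.

```yaml
# Added example, not the openfl project's actual configuration.
version: 2
updates:
  # Repository root: setup.py, requirements-linters.txt, requirements-test.txt
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"   # assumed cadence; the issue does not specify one

  # docs/requirements-docs.txt
  - package-ecosystem: "pip"
    directory: "/docs"
    schedule:
      interval: "weekly"

  # openfl-tutorials/experimental/requirements_workflow_interface.txt
  - package-ecosystem: "pip"
    directory: "/openfl-tutorials/experimental"
    schedule:
      interval: "weekly"
```

Directories that are not listed, such as the example and tutorial folders outside `openfl-tutorials/experimental`, get no `updates` entry and are therefore left out of this configuration.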