wpt.fyi icon indicating copy to clipboard operation
wpt.fyi copied to clipboard

Published 20 hours ago verified publisher icon web-platform-tests

Migrate all dependency scanning to dependabot

Open jcscottiii opened this issue 3 years ago • 0 comments

Currently, wpt.fyi uses dependabot (first party) and renovate (third party). This issue tracks the work to move all of it to dependabot.

There was a great discussion in issue #2948 about the pros and cons of each one.

Definition of done:

  • [ ] Add reviewed deployments for dependabot PRs
  • [ ] Move go and node scanning from renovate to dependabot. Switch to scanning weekly.
  • [ ] Add docker scanning

jcscottiii avatar Sep 09 '22 13:09 jcscottiii