mirror of
https://github.com/ossf/scorecard.git
synced 2024-09-17 11:57:12 +03:00
docs: be more specific about what Dependabot brings with it (#1336)
It would have helped me to decide whether I needed it or not

Co-authored-by: Azeem Shaikh <azeemshaikh38@gmail.com>
This commit is contained in:
parent
ce0802571a
commit
3cf8b2bfdb
@ -305,7 +305,7 @@ low score is therefore not a definitive indication that the project is at risk.
**Remediation steps**
- Signup for automatic dependency updates with [dependabot](https://dependabot.com/docs/config-file/) or [renovatebot](https://docs.renovatebot.com/configuration-options/) and place the config file in the locations that are recommended by these tools.
- Signup for automatic dependency updates with [dependabot](https://dependabot.com/docs/config-file/) or [renovatebot](https://docs.renovatebot.com/configuration-options/) and place the config file in the locations that are recommended by these tools. Due to https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can be enabled for forks where security updates have ever been turned on so projects maintaining stable forks should evaluate whether this behavior is satisfactory before turning it on.
## Fuzzing
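Review bot: the added sentence in the Dependency-Update-Tool remediation bullet is a run-on and reads ambiguously; a comma is needed before "so", and "Dependabot can be enabled for forks where security updates have ever been turned on" does not say whether this is something the fork maintainer does or something that happens to the fork automatically, which is the very point a reader "maintaining stable forks" needs to decide on. Suggest splitting it, e.g. "Note that, due to https://github.com/dependabot/dependabot-core/issues/2804, Dependabot can become enabled on forks of a repository where security updates have ever been turned on, so projects maintaining stable forks should evaluate whether this behavior is acceptable before enabling it." Since this is Markdown, the bare URL would also read better as a link with the issue number as its text, and while the line is being touched, "Signup" (noun) should be "Sign up" (verb) in the bullet's first sentence.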
@ -71,7 +71,11 @@ checks:
Signup for automatic dependency updates with
[dependabot](https://dependabot.com/docs/config-file/) or
[renovatebot](https://docs.renovatebot.com/configuration-options/) and place
the config file in the locations that are recommended by these tools.
the config file in the locations that are recommended by these tools. Due to
https://github.com/dependabot/dependabot-core/issues/2804 Dependabot can
be enabled for forks where security updates have ever been turned on so projects
maintaining stable forks should evaluate whether this behavior is satisfactory
before turning it on.
Binary-Artifacts:
risk: High
tags: supply-chain, security, dependencies
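Review bot: the same new wording is duplicated in this second hunk (the YAML remediation text wrapped across lines), so whatever rewording is applied to the first hunk must be applied here verbatim as well, otherwise the two copies of the check documentation drift apart; the current text in both places already matches word for word apart from line breaks, which is good. The same grammar points apply: add the comma before "so", and consider stating explicitly whether Dependabot is enabled on such forks by the maintainer or automatically, since "can be enabled" leaves that open. One more detail: the caveat is specific to Dependabot, but the sentence it is appended to recommends either Dependabot or Renovate, so it would help to make clear that it does not apply to the Renovate option.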