Bulk-check system (Allow to trigger checks for all repos on your account) #15566
Unanswered
Andre601 asked this question in Code Security
I'm pretty sure you can imagine the following scenario:
You have multiple repositories which all have the same dependency defined and Dependabot configured to check once a day.
Now Dependabot made PRs for those repositories to bump the dependency. A few hours after merging those PRs, the dependency author pushes another release, perhaps to fix a critical bug.
Since Dependabot already did its daily checks, you would either have to wait for its next scheduled check or trigger a manual check for each individual repository, which is time-consuming.
This happened to me several times, which is why I would like to propose a way to "bulk-check" dependencies.
Whether this would be a profile setting or something like a configuration in a .github repo is up for the GitHub Team to decide.
Essentially, this feature would allow you to press a button to make Dependabot check the dependencies of all repositories that both have a dependabot.yml file present and also fit any configured filters.
Those filters could be used to avoid checks for package ecosystems that do not have any updates present. Perhaps it could be similar to the current way of defining multiple package ecosystems in the dependabot.yml to check (pip, maven, github-actions, etc.)