
Dependabot Rule

The following rule type is available for Dependabot.

stacklok/dependabot_configured - Verifies that Dependabot is configured for the repository

Dependabot enables automated dependency updates for repositories. It is recommended that repositories have some form of automated dependency updates enabled to ensure that vulnerable dependencies are not introduced into the codebase.

For more information, see https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

Entity

  • repository

Type

  • stacklok/dependabot_configured

Rule parameters

  • None

Rule definition options

The stacklok/dependabot_configured rule supports the following options:

  • package_ecosystem (string) - The package ecosystem to check for updates
    • The package ecosystem that the rule applies to. For example, gomod, npm, docker, github-actions, etc.
  • apply_if_file (string) - Optional. The file whose presence determines whether the rule is applied
    • If specified, the rule is only evaluated when the given file exists in the repository. This is useful for rules that only apply to certain types of repositories (for example, checking the gomod ecosystem only when a go.mod file is present).
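As an added example (not Minder's own code), the following Python script re-implements the check this rule performs over an in-memory repository: it skips when apply_if_file names a file that is absent, fails when .github/dependabot.yml is missing, and otherwise passes only if an updates entry covers the requested package ecosystem. The sample repository contents are constructed, and the line-based scan of the YAML is an assumption of this example rather than how Minder parses the file.

```python
import re
from typing import Dict, Optional, Set

# Location of the Dependabot configuration file in a GitHub repository.
DEPENDABOT_CONFIG = ".github/dependabot.yml"

# Matches an `updates` entry such as `- package-ecosystem: "gomod"`,
# tolerating optional quotes and a trailing YAML comment.
_ECOSYSTEM_RE = re.compile(
    r'^\s*-?\s*package-ecosystem:\s*["\']?([\w-]+)["\']?\s*(?:#.*)?$'
)


def configured_ecosystems(dependabot_yml: str) -> Set[str]:
    """Return the package ecosystems that have an `updates` entry."""
    found = set()
    for line in dependabot_yml.splitlines():
        match = _ECOSYSTEM_RE.match(line)
        if match:
            found.add(match.group(1))
    return found


def evaluate(repo_files: Dict[str, str], package_ecosystem: str,
             apply_if_file: Optional[str] = None) -> str:
    """Mimic the rule: 'skip' if apply_if_file is absent, else 'pass' or 'fail'."""
    if apply_if_file is not None and apply_if_file not in repo_files:
        return "skip"
    config = repo_files.get(DEPENDABOT_CONFIG)
    if config is None:
        return "fail"  # Dependabot not configured at all
    return "pass" if package_ecosystem in configured_ecosystems(config) else "fail"


# Constructed sample: a Go repository whose dependabot.yml only covers GitHub Actions.
SAMPLE_REPO = {
    "go.mod": "module example.com/app\n\ngo 1.21\n",
    ".github/dependabot.yml": (
        "version: 2\n"
        "updates:\n"
        "  - package-ecosystem: \"github-actions\"  # keep workflow actions current\n"
        "    directory: \"/\"\n"
        "    schedule:\n"
        "      interval: \"weekly\"\n"
    ),
}

if __name__ == "__main__":
    print(evaluate(SAMPLE_REPO, "github-actions"))        # pass
    print(evaluate(SAMPLE_REPO, "gomod", "go.mod"))       # fail: go.mod exists but gomod is not covered
    print(evaluate(SAMPLE_REPO, "npm", "package.json"))   # skip: no package.json in the repository
```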