From 8eb5bf2e7575b46a209e2337bf6172774c29ce55 Mon Sep 17 00:00:00 2001 From: IngyHere Date: Tue, 19 Mar 2024 09:02:09 -0700 Subject: [PATCH 1/2] Issue #110: Minor text edits to improve readability. Update dependabot GH action with latest from Python SK. --- .../security/github-security/README.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/guides/software-lifecycle/security/github-security/README.md b/docs/guides/software-lifecycle/security/github-security/README.md index 1f18cc822..e0afae191 100644 --- a/docs/guides/software-lifecycle/security/github-security/README.md +++ b/docs/guides/software-lifecycle/security/github-security/README.md @@ -48,14 +48,19 @@ If you do not have organizational permissions or if you wish to customize securi - For added security, we suggest turning on Dependabot security updates to automatically generate pull requests for known vulnerabilities in your dependencies. - We also recommend enabling Dependabot version updates _if you are using a package manager for your project_. This will help you keep your dependencies up-to-date. To configure Dependabot version updates: 1. Create a `.github/dependabot.yml` file in your repository. - 2. Specify the package-ecosystem, directory, and schedule for the updates. For example: + 2. Specify the package-ecosystem, directory, schedule and branch to update. For example (from the [Slim Python Starter Kit](https://github.com/NASA-AMMOS/slim-starterkit-python/blob/main/.github/dependabot.yml)): ```yml version: 2 updates: - - package-ecosystem: "npm" - directory: "/" + - package-ecosystem: 'pip' + directory: '/' # location of package manifests schedule: - interval: "daily" + interval: 'daily' + time: '09:00' + timezone: 'America/Los_Angeles' + target-branch: 'main' + labels: + - 'dependencies' ``` - To view Dependabot alerts and version updates: - Head back to the main page of your repository. From a8cb06462f5d77937339976d9a9164e2283223fe Mon Sep 17 00:00:00 2001 
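Review bot: the rewritten step 2 now says "Specify the package-ecosystem, directory, schedule and branch to update" but the example it introduces also adds `time`, `timezone` and `labels`, none of which the sentence mentions, and `target-branch: 'main'` points at what is almost certainly the repository's default branch, so a reader will not learn which keys are required and which are optional tuning. Suggest the sentence enumerate what the example actually shows, e.g. "Specify the package-ecosystem, directory and schedule; optionally pin a schedule time and timezone, a target-branch (only needed when updates should land on a branch other than the default) and labels for the generated pull requests." Since the old `npm` lines were dropped in favour of `'pip'`, it is also worth one clause reminding readers to set `package-ecosystem` to their own manager rather than copying the Python value.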
From: ingyhere Date: Tue, 26 Mar 2024 11:36:10 -0700 Subject: [PATCH 2/2] Issue #110: Update directions based on review. ... Co-authored-by: Rishi Verma --- .../software-lifecycle/security/github-security/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/software-lifecycle/security/github-security/README.md b/docs/guides/software-lifecycle/security/github-security/README.md index e0afae191..2cc3eec43 100644 --- a/docs/guides/software-lifecycle/security/github-security/README.md +++ b/docs/guides/software-lifecycle/security/github-security/README.md @@ -48,7 +48,7 @@ If you do not have organizational permissions or if you wish to customize securi - For added security, we suggest turning on Dependabot security updates to automatically generate pull requests for known vulnerabilities in your dependencies. - We also recommend enabling Dependabot version updates _if you are using a package manager for your project_. This will help you keep your dependencies up-to-date. To configure Dependabot version updates: 1. Create a `.github/dependabot.yml` file in your repository. - 2. Specify the package-ecosystem, directory, schedule and branch to update. For example (from the [Slim Python Starter Kit](https://github.com/NASA-AMMOS/slim-starterkit-python/blob/main/.github/dependabot.yml)): + 2. Specify the package-ecosystem, directory, schedule and branch to update. For example, the below demonstrates a Python [dependabot.yml](https://github.com/NASA-AMMOS/slim-starterkit-python/blob/main/.github/dependabot.yml) example from the [SLIM Python Starter Kit](https://nasa-ammos.github.io/slim/docs/guides/software-lifecycle/application-starter-kits/python-starter-kit/): ```yml version: 2 updates:
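Review bot: the new sentence reads "For example, the below demonstrates a Python [dependabot.yml](...) example from the [SLIM Python Starter Kit](...)", which uses "example" twice and "the below" as a noun; suggest tightening to "For example, the following `dependabot.yml` comes from the [SLIM Python Starter Kit](https://nasa-ammos.github.io/slim/docs/guides/software-lifecycle/application-starter-kits/python-starter-kit/) ([source file](https://github.com/NASA-AMMOS/slim-starterkit-python/blob/main/.github/dependabot.yml)):". Keeping both links is good, since the starter-kit page and the raw file can drift apart; a short note that the copy in this README may lag the file in that repository would tell readers which one to treat as authoritative.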