From the course: GitHub Advanced Security Cert Prep by Microsoft Press


Identify where to use Dependabot alerts in the software development lifecycle

- [Instructor] Basically, the theme here for this certification exam objective is shift left in your CI/CD pipeline: early detection, integrating Dependabot alerts such that even at your developer's desk, Dependabot will fail a push or warn you, grant the push but warn you at the console, of dependency issues. The specifics of the scenario depend upon what you've got set up and how, but early detection is what we're looking for, right at the developers, starting with the developer's desk. Dependabot, as you'll see in the demo, interacts as a bot in your pull request reviews so you can go back and forth. There's actually a collection of @dependabot commands that you can use to interact with Dependabot from your PR. And then, of course, post-deployment. It's nice to have that safety net of Dependabot running scheduled scans such that if one of your colleagues were to add a bad dependency version, I'm just thinking off the top of my head, or if tomorrow a vulnerability is identified in what…