How to integrate Dependabot with Azure repo


I’m reaching out to see if anyone has experience integrating Dependabot with Azure Repos and would be willing to share their insights or advice on setting it up for efficient dependency management. Additionally, if anyone knows of any Udemy or YouTube tutorials that could help, that would be greatly appreciated.

We’re currently facing SCA vulnerabilities due to outdated npm/NuGet packages and are looking for ways to automate updates to save time, possibly through pipeline or DevOps solutions.

0

“Automatically fix detected dependency scanning vulnerabilities with Dependabot security updates” is one of the new capabilities we expect to deliver for GitHub Advanced Security for Azure DevOps. Although this feature is part of our vision, it is currently not associated with a specific release on our roadmap.

We are bringing the power of Dependabot Security Updates to GitHub Advanced Security in Azure DevOps. This will allow Advanced Security users to enable the automatic creation of pull requests for dependency vulnerability detections.

Dependabot security updates will make it easier for you to fix vulnerable dependencies in your repository. Once you enable this feature, when a Dependabot alert is raised for a vulnerable dependency in your repository, Dependabot automatically tries to fix it.

Dependabot will check whether it’s possible to upgrade the vulnerable dependency to a fixed version without disrupting the dependency graph for the repository. Then Dependabot will raise a pull request to update the dependency to the minimum version that includes the patch and link the pull request to the Dependency Scanning alert.
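The selection rule described in the answer above (the lowest patched version that does not break the dependency graph) can be modelled in a few lines. This is an added example, not part of the original answer and not Dependabot's implementation; the package versions, dependent names and the `(low, high)` constraint format are constructed assumptions.

```python
# Simplified model of "minimum version that includes the patch".
# All data below is constructed for illustration.

def parse(v):
    """'4.17.21' -> (4, 17, 21). Assumes plain MAJOR.MINOR.PATCH strings."""
    return tuple(int(p) for p in v.split("."))

def satisfies(version, constraint):
    """constraint is (low_inclusive, high_exclusive), e.g. ('4.0.0', '5.0.0')."""
    low, high = constraint
    return parse(low) <= parse(version) < parse(high)

def minimum_fix(available, first_patched, dependents):
    """Return (version, blockers).

    version:  lowest available release >= first_patched that every
              dependent's constraint accepts, or None if there is none.
    blockers: dependents whose constraint rejects every patched release,
              i.e. the ones that must be updated before a fix is possible.
    """
    patched = sorted(
        (v for v in available if parse(v) >= parse(first_patched)), key=parse
    )
    for v in patched:
        if all(satisfies(v, c) for c in dependents.values()):
            return v, []
    blockers = sorted(
        name for name, c in dependents.items()
        if not any(satisfies(v, c) for v in patched)
    )
    return None, blockers

# Constructed sample: releases of a hypothetical package and the version
# ranges that two hypothetical dependents in the repository accept.
AVAILABLE = ["4.17.15", "4.17.20", "4.17.21", "5.0.0"]
DEPENDENTS = {"app": ("4.0.0", "5.0.0"), "plugin-a": ("4.17.0", "4.18.0")}

if __name__ == "__main__":
    # Fix landed in 4.17.20: the lowest patched release is chosen, not the latest.
    print(minimum_fix(AVAILABLE, "4.17.20", DEPENDENTS))
    # Fix only in 5.0.0: no compatible upgrade, so the blockers are reported.
    print(minimum_fix(AVAILABLE, "5.0.0", DEPENDENTS))
```

When the second case occurs, an automated pull request cannot be raised safely and the listed dependents need their own constraints widened first.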
