I would like to leverage the "security features" of GitHub like Dependabot alerts and Code scanning alerts.
First question: Do we want this? Does anyone object?
Second question: Is this possible with our GitHub setup? I know that this question might be better suited for the infra list, but
OTOH I know that some infra guys are here as well.
While Dependabot seems to be only a matter of activating, which might be easy, I understand that the Code scanning alerts run as
GitHub Actions, and I am not sure if we can use GitHub Actions or what the limits are, as for the CI stuff we use Travis.
Regards
Rüdiger