Skip to content
/ dependabot-alerts Public

Notifications of Dependabot alerts across a GitHub organization.

License

BSD-2-Clause license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hypothesis/dependabot-alerts

BranchesTags

Repository files navigation

Dependabot Alerts

Notifications of Dependabot alerts across a GitHub organization.

dependabot-alerts lists Dependabot security alerts for all repos of a GitHub organization. You can run it from the command line:

$ dependabot-alerts <your_github_organization>

You'll need to have GitHub CLI installed and logged in.

There's also a GitHub Actions workflow that runs automatically on a schedule and notifies us in Slack of any Dependabot alerts in the hypothesis GitHub organization.

Installing

We recommend using pipx to install Dependabot Alerts. First install pipx then run:

pipx install git+https://github.com/hypothesis/dependabot-alerts.git

You now have Dependabot Alerts installed! For some help run:

dependabot-alerts --help

Upgrading

To upgrade to the latest version run:

pipx upgrade dependabot-alerts

To see what version you have run:

dependabot-alerts --version

Uninstalling

To uninstall run:

pipx uninstall dependabot-alerts

Setting up Your Dependabot Alerts Development Environment

First you'll need to install:

  • Git. On Ubuntu: sudo apt install git, on macOS: brew install git.
  • GNU Make. This is probably already installed, run make --version to check.
  • pyenv. Follow the instructions in pyenv's README to install it. The Homebrew method works best on macOS. The Basic GitHub Checkout method works best on Ubuntu. You don't need to set up pyenv's shell integration ("shims"), you can use pyenv without shims.

Then to set up your development environment:

git clone https://github.com/hypothesis/dependabot-alerts.git
cd dependabot-alerts
make help

Changing the Project's Python Versions

To change what versions of Python the project uses:

  1. Change the Python versions in the cookiecutter.json file. For example:

    "python_versions": "3.10.4, 3.9.12",

  2. Re-run the cookiecutter template:

    make template

  3. Commit everything to git and send a pull request

Changing the Project's Python Dependencies

To change the production dependencies in the setup.cfg file:

  1. Change the dependencies in the .cookiecutter/includes/setuptools/install_requires file. If this file doesn't exist yet create it and add some dependencies to it. For example:

    pyramid
sqlalchemy
celery

  2. Re-run the cookiecutter template:

    make template

  3. Commit everything to git and send a pull request

To change the project's formatting, linting and test dependencies:

  1. Change the dependencies in the .cookiecutter/includes/tox/deps file. If this file doesn't exist yet create it and add some dependencies to it. Use tox's factor-conditional settings to limit which environment(s) each dependency is used in. For example:

    lint: flake8,
format: autopep8,
lint,tests: pytest-faker,

  2. Re-run the cookiecutter template:

    make template

  3. Commit everything to git and send a pull request

About

Notifications of Dependabot alerts across a GitHub organization.

Resources

Readme

License

BSD-2-Clause license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Contributors 3

  •  
  •  
  •  

Languages