RSE-Sheffield/RSEAdmin

Enable periodic checking of dependencies for vuln Python packages

Closed · 1 comment

Dependabot doesn't seem to be working for this repo!

Could enable periodic checks with e.g. Safety or Trivy. The latter definitely understands poetry.lock files. The former can't read a poetry.lock directly but is still an option.

Best to implement as a GitHub Action (see also Issue #152) rather than hack these checks into our Travis configs.
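As an added illustration of the approach proposed above (not a workflow from the RSEAdmin repository), the following GitHub Actions file runs both tools on a schedule and on lockfile changes: Trivy scans `poetry.lock` directly, while Safety is fed a requirements file exported from Poetry because it cannot parse the lockfile itself. The file path (`.github/workflows/dependency-scan.yml`), the cron cadence, the action/tool versions and the severity threshold are assumptions to adjust for the project.

```yaml
# Added example, not part of the RSEAdmin repo. Assumed path:
# .github/workflows/dependency-scan.yml
name: Dependency vulnerability scan

on:
  schedule:
    - cron: "0 6 * * 1"   # weekly, Monday 06:00 UTC (assumed cadence)
  workflow_dispatch:       # allow manual runs from the Actions tab
  pull_request:
    paths:
      - "poetry.lock"
      - "pyproject.toml"

permissions:
  contents: read           # read-only token: the scan never writes to the repo

jobs:
  trivy:
    name: Trivy filesystem scan (reads poetry.lock directly)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Trivy's filesystem scanner detects poetry.lock and checks every pinned
      # version against its vulnerability database. Pinned action version is
      # an assumption; use the current release.
      - name: Scan lockfiles with Trivy
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: "fs"
          scan-ref: "."
          scanners: "vuln"
          severity: "HIGH,CRITICAL"   # assumed threshold; lower it to catch more
          ignore-unfixed: true        # skip findings with no fixed version yet
          exit-code: "1"              # fail the job when a finding matches
          format: "table"

  safety:
    name: Safety (via exported requirements)
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"

      # Safety cannot parse poetry.lock, so export the locked versions to a
      # requirements file first. Hashes are dropped because Safety only needs
      # name==version lines. Poetry 2.x needs poetry-plugin-export for this.
      - name: Export locked dependencies
        run: |
          python -m pip install --upgrade pip poetry poetry-plugin-export
          poetry export --format requirements.txt --without-hashes --output requirements.lock.txt

      # `safety check` exits non-zero when a known-vulnerable pin is present,
      # which fails the job and surfaces the report in the run log.
      - name: Check exported dependencies with Safety
        run: |
          python -m pip install safety
          safety check --full-report -r requirements.lock.txt
```

Either job on its own gives the periodic check the issue asks for; running both is useful mainly because the two tools draw on different vulnerability feeds, so a finding one misses may be reported by the other. The `pull_request` trigger is restricted to the two dependency files so the scan also runs on exactly the changes that can introduce a vulnerable pin, without adding the job to every push.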

Dependabot now seems to be working. Closing.