Add in updateCLI in check for dependency update tool check

Question

Add in updateCLI in check for dependency update tool check

cwayne18 opened this issue 2 years ago · 4 comments

For the dependency update tool check, AFAICS it currently only checks for Dependabot/Renovate, while some projects may be using (updateCLI)[https://updatecli.io/] to do the same kind of automation. Could it make sense to check for updateCLI configs as well?

Answer 1 · 2023-01-04T08:07:49.000Z

Hi @cwayne18 👋

Yes, that makes sense. CLOMonitor relies on OpenSSF Scorecard for this check, so it'd be great if this was implemented upstream. Otherwise we can extend that check on our end, that'd be another option. BTW they also support Sonatype Lift and PyUp, we need to update our docs 😉

Answer 2 · 2023-01-04T11:41:39.000Z

Aha yes, somehow I knew but completely had forgotten this would need to go upstream sorry! 🤦

Answer 3 · 2023-01-04T14:41:49.000Z

+1 for upstream!

…

On Wed, Jan 4, 2023 at 4:41 AM Chris Wayne ***@***.***> wrote: Aha yes, somehow I knew but completely had forgotten this would need to go upstream sorry! 🤦 — Reply to this email directly, view it on GitHub <#826 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAPSIPIMNVDALKNKTWXM6LWQVOX3ANCNFSM6AAAAAATP56L6Y> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

-- Cheers, Chris Aniszczyk https://aniszczyk.org

Answer 4 · 2023-01-09T07:15:41.000Z

Will close this one for now, please feel free to reopen if needed 🙂