dependabot/cli

How to run the dependabot CLI locally or in a GitHub Action to scan an image URL and provide suggestions

arununzer opened this issue · 2 comments

Hello Team,

How can I run the dependabot CLI locally or in a GitHub Actions workflow to scan an image URL and provide suggestions to update the image in the workflow itself, without raising a PR?

I'm not sure what you mean by "Scan an image URL", but if you take a look at our smoke tests: https://github.com/dependabot/smoke-tests/tree/main/tests

These are all input files to the Dependabot CLI. We're running them in a workflow here: https://github.com/dependabot/smoke-tests/blob/main/.github/workflows/smoke.yml

You can use the -o option to write the output and then consume it to detect the changes, or parse it out from stdout.

Good luck!
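One way to consume the file written with -o and report a suggested bump instead of opening a PR. This is an added example, not code from the dependabot project; it assumes the output file has the same shape as the smoke-tests expectation files (an `output` list whose `create_pull_request` records carry `dependencies` and `updated-dependency-files`), and the sample document below is constructed, not real CLI output.

```python
import difflib


def load_output(path):
    """Parse the file written by `dependabot update ... -o <path>` (needs PyYAML)."""
    import yaml  # imported lazily so the helpers below work without it
    with open(path) as fh:
        return yaml.safe_load(fh)


def proposed_updates(doc):
    """Yield the data of every create_pull_request record in the output."""
    for entry in doc.get("output", []):
        if entry.get("type") == "create_pull_request":
            yield entry.get("expect", {}).get("data", {})


def suggest_bumps(doc):
    """One (dependency, previous version, new version, files) tuple per proposed update."""
    bumps = []
    for data in proposed_updates(doc):
        files = [f["name"] for f in data.get("updated-dependency-files", [])]
        for dep in data.get("dependencies", []):
            bumps.append((dep["name"], dep.get("previous-version"), dep["version"], files))
    return bumps


def render_diffs(doc, current_files):
    """Unified diff of each updated file against its current content (name -> text)."""
    diffs = []
    for data in proposed_updates(doc):
        for f in data.get("updated-dependency-files", []):
            old = current_files.get(f["name"], "").splitlines(True)
            diffs.append("".join(difflib.unified_diff(
                old, f["content"].splitlines(True),
                fromfile=f["name"], tofile=f["name"] + " (suggested)")))
    return diffs


# Constructed sample in the assumed output shape: a docker job over a Dockerfile
# that uses the image from the question (the newer tag is made up for illustration).
IMAGE = "public.ecr.aws/docker/library/eclipse-temurin"
CURRENT_FILES = {"Dockerfile": f"FROM {IMAGE}:17.0.6_10-jre-alpine\nCOPY app.jar /app.jar\n"}
SAMPLE_OUTPUT = {"output": [
    {"type": "update_dependency_list", "expect": {"data": {}}},
    {"type": "create_pull_request", "expect": {"data": {
        "dependencies": [{"name": IMAGE, "previous-version": "17.0.6_10-jre-alpine",
                          "version": "17.0.7_7-jre-alpine"}],
        "updated-dependency-files": [{"name": "Dockerfile", "content":
            f"FROM {IMAGE}:17.0.7_7-jre-alpine\nCOPY app.jar /app.jar\n"}]}}},
    {"type": "mark_as_processed"}]}
```

In a scheduled workflow, run this over the -o file and fail the job or write the diff to the step summary whenever `suggest_bumps` returns anything, so the bump is surfaced without a PR being opened.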

Sorry, the question was: how can I use the dependabot CLI in a GHA workflow for scanning an image from a public repository, like public.ecr.aws/docker/library/eclipse-temurin:17.0.6_10-jre-alpine, instead of a directory, and to suggest a bump to the updated release? I will be running this in GitHub Actions on a scheduled basis.

PS: I don't want to enable dependabot for all repos. Instead, I want to keep a custom base image on top of a public image and scan that periodically.