Change suggested to add Dependabot config for a subfolder even though that exists already
afranken opened this issue · 1 comments
afranken commented
See https://github.com/adobe/S3Mock/pull/1235/files
The dependabot action already configures:
- package-ecosystem: "docker"
# Look for `Dockerfile` in the `/docker` directory, that's where all versions are managed
directory: "/docker/"
# Open up to 10 PRs per run
open-pull-requests-limit: 10
# Add assignees
assignees:
- "afranken"
# Check for updates once per day, Github defaults to random time every day.
schedule:
interval: "daily"
step security recommends to add:
- package-ecosystem: docker
directory: /docker
schedule:
interval: daily
I'm guessing it may be the quotes that throw off the scan, but more likely it's the trailing slash in the directory name?
Step security does not recommend to add configuration for the other package-ecosystem configs, and they contain quotes too.
varunsh-coder commented
Thanks, @afranken, for creating the issue! I will investigate and get back soon.