https://romanoroth.com/en/tags/dependabot/Recent content in Dependabot on Romano RothHugo -- gohugo.ioenRomano RothThu, 19 Jan 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-sca/Thu, 19 Jan 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-sca/<p>GitHub does not ship a default SCA tool the way GitLab does. You have to combine two things: a platform feature called Dependabot and an SCA action from the Marketplace. In Part 3 of the GitHub DevSecOps series, Patrick Steger and I wire both into our pipeline — and find out the hard way that the Marketplace path is not as smooth as the slides suggest.</p>