Automated updates for CodeQL GitHub Actions dependencies using Dependabot for an entire organization #129912
Unanswered
john-yacuta-submittable asked this question in Actions
Replies: 1 comment, 7 replies
Enabling or disabling dependabot for all repositories in an organization is explained here: https://docs.github.com/en/code-security/dependabot/dependabot-alerts/configuring-dependabot-alerts#managing-dependabot-alerts-for-your-organization
Question
Body
Scenario: I have several repos in an organization that each contain a .github/workflows/codeql-analysis.yml with outdated codeql-actions workflows including github/codeql-action/init@v2 and github/codeql-action/autobuild@v2. I need to upgrade these dependencies for each file that uses these codeql-actions workflows.
Docs: https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/
Question: I am aware that the deprecation notice supports Dependabot to help with this upgrade from the docs here: https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/ . However, the docs do not cover how to enable a dependabot.yml for an entire organization to automate the process to update only the codeql-actions workflows that I need updated. Does someone know how to get this enabled for an entire organization? I checked the organization settings but do not see an option to do so. See the example dependabot.yml below.