dependabot-core

🤖 Dependabot's core logic for creating update PRs. (by dependabot)

Dependabot-core Alternatives

Similar projects and alternatives to dependabot-core

  1. storybook

    354 dependabot-core VS storybook

    Storybook is the industry standard workshop for building, documenting, and testing UI components in isolation

  2. Judoscale

    Save 47% on cloud hosting with autoscaling that just works. Judoscale integrates with Rails, Sidekiq, Solid Queue, and more to make autoscaling easy and reliable. Save big, and say goodbye to request timeouts and backed-up job queues.

  3. Lobsters

    Computing-focused community centered around link aggregation and discussion

  4. learnxinyminutes-docs

    Code documentation written as code! How novel and totally my idea!

  5. ingress-nginx

    Ingress NGINX Controller for Kubernetes

  6. msw

    164 dependabot-core VS msw

    Industry standard API mocking for JavaScript.

  7. renovate

    125 dependabot-core VS renovate

    Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io

  8. minio

    MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license.

  9. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

  10. maven-mvnd

    Apache Maven Daemon

  11. roadmap

    GitHub public roadmap

  12. OkHttp

    Square’s meticulous HTTP client for the JVM, Android, and GraalVM.

  13. Feedbin

    A nice place to read on the web.

  14. chaskiq

    19 dependabot-core VS chaskiq

    A full featured Live Chat, Support & Marketing platform, alternative to Intercom, Drift, Crisp, etc from cience.com

  15. gradle-versions-plugin

    Gradle plugin to discover dependency updates

  16. updatecli

    A Declarative Dependency Management tool

  17. rife2

    Full-stack, no-declaration, framework to quickly and effortlessly create web applications with modern Java.

  18. github-script

    Write workflows scripting the GitHub API in JavaScript

  19. Open-Source-Ruby-and-Rails-Apps

    Awesome Ruby and Rails Open Source applications 🌈

  20. licensed

    A Ruby gem to cache and verify the licenses of dependencies

  21. fetch-metadata

    Extract information about the dependencies being updated by a Dependabot-generated PR.

  22. kubernetes-management

    Jenkins Infrastructure Kubernetes Management

  23. InfluxDB

    InfluxDB high-performance time series database. Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a better dependabot-core alternative or higher similarity.


dependabot-core reviews and mentions

Posts with mentions or reviews of dependabot-core. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-10-29.
  • Keeping Your Lagoon Dependencies Up-to-Date: A Developer's Guide
    6 projects | dev.to | 29 Oct 2024
    Dependabot - Integrated with GitHub
  • Why I recommend Renovate over any other dependency update tools
    6 projects | news.ycombinator.com | 12 Apr 2024
    Oh yes, https://github.com/dependabot/dependabot-core/issues/3253. I wouldn't go so far as saying it was locked because it was too uncivil, mostly just because "additional commentary wasn't adding value" ;)

    Your read on the situation is spot on, and no, it doesn't look like it's been "fixed" (mostly because fixing it would re-introduce the same potential vulnerability).

  • Storybook 8
    5 projects | news.ycombinator.com | 13 Mar 2024
    Storybook is great and all, but these days nearly every Dependabot alert I get is about a sub-dependency of Storybook. Since Dependabot doesn't currently allow you to ignore dev dependencies and only check production dependencies [0], this makes Storybook a Big Noise Generator and every time I dismiss another alert from it, I can't help but wonder if there's a better option out there.

    [0] https://github.com/dependabot/dependabot-core/issues/2521

  • Keeping dependencies in your GitHub projects up-to-date with Dependabot
    5 projects | dev.to | 6 Jan 2024
    P.S. While this is a powerful and handy tool itself, it is only a part of Dependabot’s capabilities. If you are interested, you’ll find more about them in the GitHub docs.
  • How to Manage Helm Chart Dependency Versions?
    2 projects | /r/helm | 4 Aug 2023
    Hello! I'm using Helm in K8s and curious if there is a solution that could keep tabs on the deployed chart dependency versions and either alert us when something is out of date or when a new release is available. Does this exist? I was thinking something like Dependabot or Renovate, but neither seems to be able to manage this.
  • Dependabot vs RenovateBot
    2 projects | /r/golang | 27 Jun 2023
    - https://github.com/dependabot/dependabot-core
  • Introducing Bld: A New Pure Java Build System
    14 projects | /r/java | 12 Apr 2023
    An important point is that this kind of metadata often needs to be accessible from outside the build system itself. You need that for example in order to integrate with renovate-bot or github's dependabot, to check your dependencies against CVEs, to build SBOMs and various other additional tasks that are not part of the build itself, but related to the build's metadata. This is all functionality I don't want to reimplement, I want to use what's already out there. And for that the build system needs to have some minimum amount of compatibility with existing standard metadata files like pom.xml or build.gradle
  • OpenAI, MinIO, And Why You Should Always Use docker-cli-scan To Keep Your Supply chAIn Clean
    4 projects | /r/GreyNoiseIntelligence | 24 Mar 2023
    To avoid any potential data breaches, it is recommended that users upgrade to a patched version of MinIO (RELEASE.2023-03-20T20-16-18Z) and integrate security tooling such as docker-cli-scan or use Github’s built-in monitoring for supply chain vulnerabilities, which already contains a record referencing this vulnerability.
  • OCI Helm chat repo with common apps
    4 projects | /r/kubernetes | 2 Nov 2022
    I recognize that it does not handle chart updates, but it might still ease the burden of applying minor releases easily etc. For the chart versions themselves, unfortunately dependabot does not support this and will not, but something like renovatebot does. Could be worth looking into as a dual approach
  • Private profiles are now generally available on GitHub
    5 projects | news.ycombinator.com | 29 Sep 2022
    Disclosure: Renovate author

    Renovate is indeed AGPL, but if you're just running it as a CLI, do you think there's anything to "watch out for"? It does not make any project you run it against AGPL, that's for sure.

    Also you should be aware that dependabot-core, which dependabot-gitlab wraps, is not technically Open Source at all: https://github.com/dependabot/dependabot-core/blob/main/LICE...


Stats

Basic dependabot-core repo stats
31
4,985
9.9
4 days ago
