Closed Bug 1506836 Opened 6 years ago Closed 6 years ago

Assess use of external addon dependabot in Mozilla's GitHub organization mozilla

Categories

(mozilla.org :: Github: Administration, task)

Product:
mozilla.org
Component:
Github: Administration
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: klukas, Assigned: hwine)

Details

I want to use the dependabot addon in mozilla for the following reasons:

- It has already been installed for telemetry-analysis-service and a few other repositories, and I'm hearing great things about it compared to other tools for keeping dependencies up to date. In particular, it can handle multiple languages in a single repository, which is the case for gcp-ingestion (python and Java).

Below are my answers to your stock questions:

** Which repositories do you want to have access?

- mozilla/gcp-ingestion

** Are any of those repositories private?

- no

** Provide link to vendor's description of permissions needed and why

- https://github.com/dependabot/feedback/issues/22#issuecomment-389828994

** Provide the Install link for a GitHub app

- https://github.com/organizations/mozilla/settings/installations/200844
done
Assignee: nobody → hwine
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Thank you, Hal. I'm able to access the project now in Dependabot.
You need to log in before you can comment on or make changes to this bug.