Exercise - Configure Dependabot security updates

In this lab, you will learn how to configure Dependabot security updates to automatically fix vulnerabilities in your project dependencies. Dependabot monitors your dependencies, alerts you to vulnerabilities, and can automatically create pull requests to update vulnerable packages to secure versions.

You will learn how to:

  • Enable Dependabot alerts
  • Configure Dependabot security updates
  • Review and merge Dependabot pull requests
  • Customize Dependabot configuration
  • Understand dependency security best practices
  • Monitor dependency vulnerabilities

This lab takes approximately 30-45 minutes to complete.

Before you start

To complete the lab, you need:

Complete the exercise on GitHub

In this exercise, you'll configure Dependabot security updates through a hands-on GitHub Skills exercise.

Note: This exercise is hosted on GitHub Skills and provides an interactive learning experience. You'll enable Dependabot and learn how it automatically creates pull requests to fix vulnerabilities.

The exercise consists of the following activities:

  1. Start a web browser and navigate to the exercise repository: https://github.com/skills-dev/secure-repository-supply-chain

  2. On the exercise page, select the Use this template button to copy the exercise to your GitHub account.

    Note: Copy the exercise to your account, give GitHub about 20 seconds to prepare the first lesson, and then refresh the page.

  3. Follow the instructions on the repository's README to complete all the challenges.

  4. Work through each step in the exercise, following the prompts and instructions provided.

    Note: Dependabot will automatically scan your dependencies and create pull requests to update vulnerable packages.

  5. When you finish all the challenges, you'll understand how to maintain secure dependencies using Dependabot.
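Customizing Dependabot (step 4 above) is done through a `.github/dependabot.yml` file in the repository you copied from the template. The file below is an added example, not part of the GitHub Skills exercise; the npm ecosystem, the `security` label and the `express` dependency name are assumptions you should replace with whatever the exercise repository actually uses.

```yaml
# Added example .github/dependabot.yml (not from the exercise repository).
# Dependabot security updates themselves are switched on in the repository's
# Security settings; this file customizes the pull requests Dependabot opens.
version: 2
updates:
  - package-ecosystem: "npm"        # assumed ecosystem; match your manifest file
    directory: "/"                  # location of the manifest (package.json)
    schedule:
      interval: "weekly"            # cadence for version updates; security
                                    # updates are raised as soon as an alert fires
    open-pull-requests-limit: 5     # cap on concurrent version-update PRs
    labels:
      - "dependencies"
      - "security"                  # assumed label used to triage these PRs
    groups:
      # Bundle security fixes that arrive together into a single pull request,
      # so reviewers merge one change instead of many.
      security-fixes:
        applies-to: security-updates
        patterns:
          - "*"
    ignore:
      # Hypothetical: keep Dependabot from proposing a major-version bump of a
      # framework dependency; minor and patch updates are still proposed.
      - dependency-name: "express"
        update-types: ["version-update:semver-major"]
```

Commit the file to the default branch; Dependabot validates it on push and reports syntax problems under the repository's Insights > Dependency graph > Dependabot tab.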

What you've learned

After completing this exercise, you should be able to:

  • Enable Dependabot alerts
  • Configure security updates
  • Review Dependabot pull requests
  • Customize Dependabot settings
  • Apply dependency security best practices
  • Monitor vulnerabilities effectively

Congratulations! You've completed the Dependabot configuration exercise!