Exercise - Configure Dependabot security updates
This hands-on exercise guides you on using GitHub to manage your dependencies.
Secure your repository's supply chain
GitHub helps you secure your supply chain, from understanding the dependencies in your environment to knowing about vulnerabilities in those dependencies and patching them.
- Who this is for: Developers, DevOps Engineers, Site Reliability Engineers, Security practitioners
- What you'll learn: How to view repository dependencies, view Dependabot alerts, and enable Dependabot security and version updates
- What you'll build: Repository dependencies, Dependabot alerts, pull requests to fix dependencies and version updates
- Prerequisites: None
- Timing: This course can be completed in under an hour
Here are some helpful tips before you begin the exercise:
- After you open the exercise repository, right-click Start course and open the link in a new tab.
- In the new tab, most of the prompts will automatically fill in for you.
- For owner, choose your personal account or an organization to host the repository.
- We recommend creating a public repository, as private repositories will use Actions minutes.
- Scroll down and select the Create repository button at the bottom of the form.
- After your new repository is created, wait about 20 seconds, then refresh the page. Follow the step-by-step instructions in the new repository's README.
This exercise is a walkthrough based on content covered in this module. It might take several attempts to complete the activities, you can revisit previous content in this module or go to some of the additional resources provided as many times as you want to find the solution.
When you've finished the exercise in GitHub, return here for:
- A quick knowledge check.
- A summary of what you've learned.
- A badge for completing this module.