Joker 2019: Tame your dependencies with Dependabot!

© 2019 CloudBees, Inc. All Rights Reserved. Tame your dependencies!
Dependabot Oleg Nenashev (@oleg_nenashev) CloudBees, Inc. St. Petersburg, Oct 25, 2019

© 2019 CloudBees, Inc. All Rights Reserved. > whoami @oleg_nenashev
oleg-nenashev • Based in Neuchatel, Switzerland • Principal SW Engineer, CloudBees • Jenkins core maintainer 2

© 2019 CloudBees, Inc. All Rights Reserved. What’s common between
Maven, NPM, и RPM? 4

© 2019 CloudBees, Inc. All Rights Reserved. Lib 1 Lib
2 Lib 3 Plugin 1 Plugin 2 Plugin 3 Lib 4 Lib 5 Plugin 4 6 + Tool dependencies

© 2019 CloudBees, Inc. All Rights Reserved. 7 > mvn
versions:display-updates ... ? ? ?

© 2019 CloudBees, Inc. All Rights Reserved. What if we
automate updates? 8

9 Dependabot, Renovate, Greenkeeper, etc.

© 2019 CloudBees, Inc. All Rights Reserved. Dependabot 10 dependabot.com,
acquired by GitHub

© 2019 CloudBees, Inc. All Rights Reserved. Dependabot • CLI
tool • SaaS and GitHub App 11 dependabot.com, acquired by GitHub

© 2019 CloudBees, Inc. All Rights Reserved. Automatic scans and
updates 12

© 2019 CloudBees, Inc. All Rights Reserved. Step 1. Enable
Dependabot 15

© 2019 CloudBees, Inc. All Rights Reserved. Step 2. Setup
permissions 16

© 2019 CloudBees, Inc. All Rights Reserved. Contacts: E-mail: [email protected]
GitHub: oleg-nenashev Twitter: @oleg_nenashev QUESTIONS? 25

Joker 2019: Tame your dependencies with Dependabot!

Joker 2019: Tame your dependencies with Dependabot!

Oleg Nenashev
PRO

More Decks by Oleg Nenashev

Other Decks in Technology

Featured

Transcript

© 2019 CloudBees, Inc. All Rights Reserved. Tame your dependencies!

© 2019 CloudBees, Inc. All Rights Reserved. > whoami @oleg_nenashev

© 2019 CloudBees, Inc. All Rights Reserved. 3 https://jokerconf.com/en/2019/talks/rjhhmugp5tzqbmlmg3mcm/

© 2019 CloudBees, Inc. All Rights Reserved. What’s common between

© 2019 CloudBees, Inc. All Rights Reserved. Dependency Hell 5

© 2019 CloudBees, Inc. All Rights Reserved. Lib 1 Lib

© 2019 CloudBees, Inc. All Rights Reserved. 7 > mvn

© 2019 CloudBees, Inc. All Rights Reserved. What if we

9 Dependabot, Renovate, Greenkeeper, etc.

© 2019 CloudBees, Inc. All Rights Reserved. Dependabot 10 dependabot.com,

© 2019 CloudBees, Inc. All Rights Reserved. Dependabot • CLI

© 2019 CloudBees, Inc. All Rights Reserved. Automatic scans and

13

14

© 2019 CloudBees, Inc. All Rights Reserved. Step 1. Enable

© 2019 CloudBees, Inc. All Rights Reserved. Step 2. Setup

© 2019 CloudBees, Inc. All Rights Reserved. Step 3. Configure

© 2019 CloudBees, Inc. All Rights Reserved. Step 4. Just

© 2019 CloudBees, Inc. All Rights Reserved. Not just pull

© 2019 CloudBees, Inc. All Rights Reserved. Release notes 20

© 2019 CloudBees, Inc. All Rights Reserved. CommentOps 21

© 2019 CloudBees, Inc. All Rights Reserved. Configuration-as-Code 22

© 2019 CloudBees, Inc. All Rights Reserved. Advanced options •

© 2019 CloudBees, Inc. All Rights Reserved. Dependabot in Jenkins

© 2019 CloudBees, Inc. All Rights Reserved. Contacts: E-mail: [email protected]