Slide 1

Tame your dependencies! Dependabot

Oleg Nenashev (@oleg_nenashev)
CloudBees, Inc.
St. Petersburg, Oct 25, 2019

© 2019 CloudBees, Inc. All Rights Reserved.

Slide 2

> whoami

@oleg_nenashev
oleg-nenashev

• Based in Neuchatel, Switzerland
• Principal SW Engineer, CloudBees
• Jenkins core maintainer

Slide 3

https://jokerconf.com/en/2019/talks/rjhhmugp5tzqbmlmg3mcm/

Slide 4

What’s common between Maven, NPM, and RPM?

Slide 5

Dependency Hell

Slide 6

Diagram labels: Lib 1, Lib 2, Lib 3, Plugin 1, Plugin 2, Plugin 3, Lib 4, Lib 5, Plugin 4

+ Tool dependencies

Slide 7

> mvn versions:display-updates
...
? ? ?

Slide 8

What if we automate updates?

Slide 9

Dependabot, Renovate, Greenkeeper, etc.

Slide 10

Dependabot

dependabot.com, acquired by GitHub

Slide 11

Dependabot

● CLI tool
● SaaS and GitHub App

dependabot.com, acquired by GitHub

Slide 12

Automatic scans and updates

Slide 15

Step 1. Enable Dependabot

Slide 16

Step 2. Setup permissions

Slide 17

Step 3. Configure Dependabot

Slide 18

Step 4. Just wait a bit…

Slide 19

Not just pull requests!

Slide 20

Release notes

Slide 21

CommentOps

Slide 22

Configuration-as-Code

Slide 23

Advanced options

● Filtering of versions and artifacts
● Validated merge
● Integration with GitHub security engines

Slide 24

Dependabot in Jenkins

• Evaluation started in June 2019
• Enabled in 60+ repositories
• 1750+ pull requests
• Saves time!

Slide 25

QUESTIONS?

Contacts:
E-mail: [email protected]
GitHub: oleg-nenashev
Twitter: @oleg_nenashev