Dependency Configuration
Overview
Autofix
Enable automated upgrade pull requests for dependencies:
```yaml
dependencies:
  auto_fix:
    enabled: true
    max_pull_requests_open: 2
    max_pull_request_creation_rate:
      count: 2
      days: 7
```
Ignore Findings
Suppress known advisories or defer remediation with context:
```yaml
dependencies:
  ignore:
    - cve: CVE-2024-9999
      reason: Library only used in test harnesses
    - cve: CVE-2024-1111
      reason: Exploit blocked by upstream WAF; tracking for long-term update
      expiry: "2025-03-31T00:00:00Z"
      repositories:
        - payments-service
        - api-gateway
```
Use campaigns to track deferred work and prevent forgotten exceptions.
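The following Python script is an added example, not code from the page or from the product's own scanner, that shows how the two configuration sections above behave once applied to findings: which ignore entries still suppress a CVE in a given repository at a given time, which entries have lapsed or were written without any expiry (the "forgotten exception" risk the page warns about), and when the auto_fix throttles allow another pull request. The CONFIG dict is a constructed transcription of the page's YAML; the function names and the semantics assumed in the comments (an entry with no `repositories` applies to every repository, an entry with no `expiry` never lapses, the creation-rate window is the trailing `days`) are this example's assumptions, not documented product behaviour.

```python
"""Evaluate a dependency-scanning policy: ignore-list suppression with expiry
and repository scoping, plus auto_fix pull-request throttling."""
from datetime import datetime, timedelta

# Constructed: the structure the page's YAML maps to once parsed.
CONFIG = {
    "dependencies": {
        "auto_fix": {
            "enabled": True,
            "max_pull_requests_open": 2,
            "max_pull_request_creation_rate": {"count": 2, "days": 7},
        },
        "ignore": [
            {"cve": "CVE-2024-9999",
             "reason": "Library only used in test harnesses"},
            {"cve": "CVE-2024-1111",
             "reason": "Exploit blocked by upstream WAF; tracking for long-term update",
             "expiry": "2025-03-31T00:00:00Z",
             "repositories": ["payments-service", "api-gateway"]},
        ],
    }
}


def parse_timestamp(value):
    """Parse the ISO 8601 'Z' form used on the page into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_suppression(config, cve, repository, now_iso):
    """Return the ignore entry that suppresses `cve` in `repository` at `now_iso`,
    or None. Assumed semantics: no `repositories` key means the entry applies
    everywhere; no `expiry` key means it never lapses; an expired entry stops
    suppressing, so the finding reappears instead of staying silently hidden."""
    now = parse_timestamp(now_iso)
    for entry in config["dependencies"].get("ignore", []):
        if entry["cve"] != cve:
            continue
        repos = entry.get("repositories")
        if repos is not None and repository not in repos:
            continue
        expiry = entry.get("expiry")
        if expiry is not None and now >= parse_timestamp(expiry):
            continue
        return entry
    return None


def audit_ignores(config, now_iso):
    """Audit helper: (expired CVEs that should be removed or renewed,
    open-ended CVEs with no expiry that can quietly become permanent)."""
    now = parse_timestamp(now_iso)
    expired, open_ended = [], []
    for entry in config["dependencies"].get("ignore", []):
        expiry = entry.get("expiry")
        if expiry is None:
            open_ended.append(entry["cve"])
        elif now >= parse_timestamp(expiry):
            expired.append(entry["cve"])
    return expired, open_ended


def may_open_pull_request(config, open_prs, created_at_iso, now_iso):
    """Return (allowed, reason) for opening another autofix PR.
    `open_prs` is the number currently open; `created_at_iso` lists creation
    timestamps of earlier autofix PRs. Assumed semantics: the creation-rate
    window is the trailing `days` ending at `now_iso`."""
    af = config["dependencies"]["auto_fix"]
    if not af.get("enabled", False):
        return False, "auto_fix disabled"
    if open_prs >= af["max_pull_requests_open"]:
        return False, "max_pull_requests_open reached"
    rate = af["max_pull_request_creation_rate"]
    now = parse_timestamp(now_iso)
    window_start = now - timedelta(days=rate["days"])
    recent = sum(1 for t in created_at_iso if parse_timestamp(t) > window_start)
    if recent >= rate["count"]:
        return False, "max_pull_request_creation_rate reached"
    return True, "ok"


if __name__ == "__main__":
    # Constructed evaluation times: one day before and one day after the expiry.
    for when in ("2025-03-30T00:00:00Z", "2025-04-01T00:00:00Z"):
        entry = find_suppression(CONFIG, "CVE-2024-1111", "payments-service", when)
        print(when, "suppressed" if entry else "finding reappears")
        print("  expired / open-ended:", audit_ignores(CONFIG, when))
    print(may_open_pull_request(CONFIG, 0, ["2025-02-27T00:00:00Z", "2025-02-28T00:00:00Z"],
                                "2025-03-01T00:00:00Z"))
```

Running `audit_ignores` on a schedule (for example in CI) is the programmatic counterpart of the page's advice to track deferred work: the open-ended list is exactly the set of exceptions that will never resurface on their own.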