
Providing Dependabot with a list of dependencies


Is there any way of providing Dependabot with a list of dependencies to check? Either by injecting the list or providing a custom package manager for it to use?


Solution

  • I found this GitHub step which allows you to upload an SPDX file to Dependabot: https://github.com/marketplace/actions/spdx-dependency-submission-action

    SPDX is an open SBOM format that can be generated by a number of tools.
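
An added example, not part of the original answer or of the action's own code: one way to turn a plain dependency list into an SPDX 2.3 JSON document in which each package carries a purl external reference. The function names, the sample dependencies, the `example.invalid` namespace and the tool name in `creators` are constructed for illustration.

```python
import re
import uuid
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed sample input: (ecosystem, name, version)
DEPS = [("npm", "@angular/core", "17.3.0"), ("pypi", "Flask_Login", "0.6.3")]


def purl(ecosystem, name, version):
    """Build the package URL (purl) that identifies one dependency."""
    if ecosystem == "pypi":
        name = name.replace("_", "-").lower()  # purl rule for PyPI names
    # Percent-encode each segment; "/" separates namespace from name.
    path = "/".join(quote(part, safe="") for part in name.split("/"))
    return f"pkg:{ecosystem}/{path}@{quote(version, safe='')}"


def spdx_id(name, version):
    """SPDX element IDs may contain only letters, digits, '.' and '-'."""
    return "SPDXRef-Package-" + re.sub(r"[^A-Za-z0-9.-]", "-", f"{name}-{version}")


def build_sbom(project, deps):
    """Return an SPDX 2.3 JSON document (as a dict) describing deps."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    packages, relationships = [], []
    for ecosystem, name, version in deps:
        ref = {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
               "referenceLocator": purl(ecosystem, name, version)}
        packages.append({"SPDXID": spdx_id(name, version), "name": name,
                         "versionInfo": version, "downloadLocation": "NOASSERTION",
                         "filesAnalyzed": False, "externalRefs": [ref]})
        relationships.append({"spdxElementId": "SPDXRef-DOCUMENT",
                              "relationshipType": "DESCRIBES",
                              "relatedSpdxElement": spdx_id(name, version)})
    return {
        "spdxVersion": "SPDX-2.3",
        "dataLicense": "CC0-1.0",
        "SPDXID": "SPDXRef-DOCUMENT",
        "name": project,
        # Placeholder namespace; use a URI you control.
        "documentNamespace": f"https://example.invalid/spdx/{project}-{uuid.uuid4()}",
        "creationInfo": {"created": now, "creators": ["Tool: deps-to-spdx-example"]},
        "packages": packages,
        "relationships": relationships,
    }
```

Serialise the result with `json.dumps(build_sbom("my-app", DEPS), indent=2)` and write it to a file in the repository workspace for the submission step to read.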