I'm a Systems Reliability and DevOps engineer for Netdata Inc. When not working, I enjoy studying linguistics and history, playing video games, and cooking all kinds of international cuisine.
Not 100% automatic (but this type of thing absolutely should not be 100% automated), but you can opt in to getting automated PRs from GitHub that fix the vulnerabilities it finds as they are found.
You can turn this on by going to the repository's 'Security' tab. At the top right of the 'Alerts' page on the security tab, there should be a button that says 'Automated Security Fixes'. Click it, then select the 'Automated Security Fixes' item in the drop-down that comes up.
This obviously requires that you're using a packaging system that GitHub recognizes (though you wouldn't be getting security alerts if you weren't). Somewhat interestingly, it seems to be freely available for private repositories even if you don't have a Pro account, though I'm not sure if it actually works or not.
Under the hood, this is powered by Dependabot (which was acquired by GitHub back in May).
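The toggle described above enables Dependabot's security fixes from the repository UI. Dependabot also has a file-based configuration, `.github/dependabot.yml`, which drives its scheduled version-update PRs for the package ecosystems it recognizes. The following is an added example of that file, not something from the comment above or from Netdata's repositories; the ecosystem, directory and PR limit are assumptions chosen for illustration, and as with the security fixes, every PR it opens still has to be reviewed and merged by a human.

```yaml
# .github/dependabot.yml (added example; values below are illustrative assumptions)
version: 2
updates:
  # One entry per package ecosystem Dependabot should watch.
  - package-ecosystem: "npm"      # assumed: the repository has a package.json at its root
    directory: "/"                # location of the manifest relative to the repo root
    schedule:
      interval: "weekly"          # how often to look for new versions
    open-pull-requests-limit: 5   # cap on concurrent Dependabot PRs, so review stays manageable
  - package-ecosystem: "github-actions"
    directory: "/"                # for Actions this means the workflows under .github/workflows
    schedule:
      interval: "weekly"
```

Dependabot opens a separate PR per update within the limit set here; a repository's normal branch protection and required reviews apply to those PRs exactly as to any other, which is what keeps the process from being fully automatic.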
Top comments (2)
dependabot.com/ you should check this out!