diff --git a/README.md b/README.md index e92ea6cb9..ddee1745d 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,39 @@ -

+
Dependabot -

+ -# Dependabot Demo Repository +## Dependabot Demo Repository This repo contains some projects with outdated dependencies. Fork it to try out Dependabot :dependabot:! + +### Enabling Security Updates + +- In your fork, click the **Settings** tab +- In the left hand side navigation, click **Code security and analysis** +- Enable **Dependabot security updates** or **Grouped security updates** +- Dependabot will now start creating PRs for detected security vulnerabilities +- Go into the **Security** tab and click **Dependabot** in the left hand side navigation to see what Dependabot is working on + +screenshot showing Dependabot working on Security Updates + +After about 5 minutes you should see some PRs open. Merge them and the Securty Alerts will close 🎉 + +### Enabling Version Updates + +This demo includes a `dependabot.yml` which configures [Version Updates](https://docs.github.com/github/administering-a-repository/keeping-your-dependencies-updated-automatically), but forks don't automatically start with Dependabot enabled. + +The enable Dependabot on your fork: +- Click the **Insights** tab +- In the left hand side navigation, click **Dependency Graph** +- Click on the **Dependabot** tab +- Click on the **Enable Dependabot** button +- After a moment, refresh the page and you should see Dependabot hard at work + +screenshot showing Dependabot working on Version Updates + +After a few minutes, you should get some more PRs!