The ASF infra sent this message to the announces list. I have no idea what kind of analysis they carry out on the code but I think we wouldn't get many alerts since Rivet is not that big. I'm going to read more on this and if you agree I will ask for the service be enabled for Apache/Tcl
-- Massimo ------------------------------------------------------------- Hi folks, Infra is pleased to announce that GitHub’s Dependabot service has been approved for use by ASF Legal and Infra, and is now enabled for all repos. Dependabot will create PRs in your repo with recommended security updates for your project. It is entirely up to the project to accept or reject these PRs. Dependabot Alerts can also be configured per-project, but currently the notifications go to Org Admins only. If your project wishes to receive Dependabot Alerts via email, please open an Infra Jira ticket so that we can add your committer team to the alerts. -Chris ASF Infra --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
