syft/.github/dependabot.yml
Alex Goodman 506ad5d6a7
refactor release pipeline: TAG_TOKEN, skip-checks gate, dependabot/zizmor cleanup (#5003)
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
2026-06-22 14:04:48 -04:00

37 lines
817 B
YAML

# Dependabot configuration
version: 2
updates:
- package-ecosystem: gomod
directories:
- "/"
- "/.make"
cooldown:
default-days: 7
schedule:
interval: "weekly"
day: "friday"
open-pull-requests-limit: 10
labels:
- "dependencies"
ignore:
- dependency-name: "github.com/aquasecurity/go-pep440-version"
- dependency-name: "github.com/aquasecurity/go-version"
- dependency-name: "github.com/knqyf263/go-apk-version"
- dependency-name: "github.com/knqyf263/go-deb-version"
- package-ecosystem: "github-actions"
directories:
- "/"
- "/.github/actions/*"
cooldown:
default-days: 7
schedule:
interval: "weekly"
day: "friday"
open-pull-requests-limit: 10
labels:
- "dependencies"