Taming Dependabot: Keeping Microservices up to Date

Please log in to watch this conference skillscast.

In this talk, Chris Eyre looks at how he uses "dependabot" to manage 70 GitHub repositories.

Industry practices for node projects encourage the development of microservices. In order to keep the project secure you need to keep your dependencies up to date. The more frequently this happens, the easier the fixes are as you are not working through a years worth of release notes. This talk covers the practical details of using dependabot to keep the dependencies of a project up to date.

The set of projects that the team I took over had over 70 repositories of code. Dependabot had recently been enabled and we now faced a backlog of 360 PRs (and these do grow by upto 70 a day).

This is the story of what my team did to get this under control. It also covers how to make Snyk and Dependabot play well together (and explain what happens when they don't).

This is what happens when you enable continuous delivery with dependabot, and what you need to make that happen.

YOU MAY ALSO LIKE:

• Better Software Faster with Dave Farley (Online Course on 8th - 9th February 2021)
• Microservices Architecture with Jorge Ortiz‑Fuentes (Online Course on 15th - 17th February 2021)
• μCon: The Microservices eXchange (Online Conference on 13th - 14th April 2021)
• Introducing AWS Immersion Days (Online Meetup on 11th February 2021)
• Event-Driven Microservices: The Sense, Nonsense and a Way Forward (SkillsCast recorded in December 2020)
• Lightning Talk: E Pluribus Unum – Adventures in Polycloud Delivery (SkillsCast recorded in December 2020)