Taming Dependabot: Keeping Microservices up to Date
Please log in to watch this conference skillscast.
Industry practices for node projects encourage the development of microservices. In order to keep the project secure you need to keep your dependencies up to date. The more frequently this happens, the easier the fixes are as you are not working through a years worth of release notes. This talk covers the practical details of using dependabot to keep the dependencies of a project up to date.
The set of projects that the team I took over had over 70 repositories of code. Dependabot had recently been enabled and we now faced a backlog of 360 PRs (and these do grow by upto 70 a day).
This is the story of what my team did to get this under control. It also covers how to make Snyk and Dependabot play well together (and explain what happens when they don't).
This is what happens when you enable continuous delivery with dependabot, and what you need to make that happen.
YOU MAY ALSO LIKE:
- Understanding Distributed Systems using OpenTelemetry with Liz Fong-Jones (Online Course on 7th December 2021)
- Deploying Microservices and Traditional Applications with Kubernetes (with Jérôme Petazzoni) (Online Course on 28th March - 1st April 2022)
- Understanding Microservices: A Guide for the Monolithic Developer (SkillsCast recorded in October 2021)
- F# Gives You Superpowers (SkillsCast recorded in October 2021)
Thank you to our sponsors and partners
Platinum
Gold
Taming Dependabot: Keeping Microservices up to Date
Chris Eyre
Chris Eyre is a Software Craftsman at Codurance. As a software craftsman and author, he has over 25 years of experience working in software development across a range of industries. He has worked in Defence, Banking, Insurance, Futures Trading, Betting and Digital Publishing. Chris is a life long learner, keen on Agile and Lean processes and equally at home talking to stakeholders and developers. Chris enjoys reading, middle distance running and films.