Taming Dependabot: Keeping Microservices up to Date

Please log in to watch this conference skillscast.

Industry practices for node projects encourage the development of microservices. In order to keep the project secure you need to keep your dependencies up to date. The more frequently this happens, the easier the fixes are as you are not working through a years worth of release notes. This talk covers the practical details of using dependabot to keep the dependencies of a project up to date.

The set of projects that the team I took over had over 70 repositories of code. Dependabot had recently been enabled and we now faced a backlog of 360 PRs (and these do grow by upto 70 a day).

This is the story of what my team did to get this under control. It also covers how to make Snyk and Dependabot play well together (and explain what happens when they don't).

This is what happens when you enable continuous delivery with dependabot, and what you need to make that happen.

YOU MAY ALSO LIKE:

• Better Software Faster with Dave Farley (Online Course on 12th - 13th July 2021)
• Microservices Architecture with Jorge Ortiz‑Fuentes (Online Course on 6th - 8th September 2021)
• Practical Tips and Tricks for CI/CD Success (Online Meetup on 13th May 2021)
• LDN *Virtual* Talks May 2021 (Online Meetup on 27th May 2021)
• How to Simplify Parsing with Genie Dq (SkillsCast recorded in April 2021)
• How I save myself 30+ minutes a day as a Network Engineer using Ansible (SkillsCast recorded in April 2021)