Industry practices for Node projects encourage the development of microservices. In order to keep the project secure you need to keep your dependencies up to date. The more frequently this happens, the easier the fixes are, as you are not working through a year's worth of release notes. This talk covers the practical details of using Dependabot to keep the dependencies of a project up to date.
The set of projects belonging to the team I took over had over 70 repositories of code. Dependabot had recently been enabled and we now faced a backlog of 360 PRs (and these do grow by up to 70 a day).
This is the story of what my team did to get this under control. It also covers how to make Snyk and Dependabot play well together (and explains what happens when they don't).
This is what happens when you enable continuous delivery with Dependabot, and what you need to make that happen.
Taming Dependabot: Keeping Microservices up to Date
Chris Eyre is a Software Craftsman at Codurance. As a software craftsman and author, he has over 25 years of experience working in software development across a range of industries. He has worked in Defence, Banking, Insurance, Futures Trading, Betting and Digital Publishing. Chris is a lifelong learner, keen on Agile and Lean processes and equally at home talking to stakeholders and developers. Chris enjoys reading, middle distance running and films.