DEV Community

Noman Gul

Is there any tool for automating GitHub repo vulnerabilities fixing?

Right now, my Gmail is full of vulnerability emails from GitHub.

So, if there is any tool/bot available for fixing them, please let me know in the comments.

Top comments (2)

Austin S. Hemmelgarn

Not 100% automatic (but this type of thing absolutely should not be 100% automated), but you can opt in to getting automated PRs from GitHub that fix the vulnerabilities it finds as they are found.

You can turn this on by going to the repository's 'Security' tab. At the top right of the 'Alerts' page on the security tab, there should be a button that says 'Automated Security Fixes'. Click it, then select the 'Automated Security Fixes' item in the drop-down that comes up.

This obviously requires that you're using a packaging system that GitHub recognizes (though you wouldn't be getting security alerts if you weren't). Somewhat interestingly, it seems to be freely available for private repositories even if you don't have a Pro account, though I'm not sure if it actually works or not.

Under the hood, this is powered by Dependabot (which was acquired by GitHub back in May).
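The toggle described above only covers security updates for alerted packages. Dependabot also opens pull requests for ordinary version bumps when the repository carries a `.github/dependabot.yml`. The file below is an added example and is not code from the comment author or from the Dependabot project; the `npm` ecosystem, the root `directory`, the weekly schedule and the PR limit are assumptions chosen for illustration.

```yaml
# .github/dependabot.yml
# Added example configuration; the ecosystem, directory, schedule and
# limits below are assumptions, not values taken from the original post.
version: 2
updates:
  # Keep npm dependencies in package.json / package-lock.json current.
  - package-ecosystem: "npm"
    directory: "/"            # where the manifest lives, relative to the repo root
    schedule:
      interval: "weekly"      # version-update PRs are batched to once a week
    # Cap concurrent PRs so a noisy week does not bury the security-fix PRs,
    # which Dependabot raises regardless of this schedule.
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
  # Pin the actions used in CI workflows as well; a compromised action
  # runs with the workflow's token, so it is part of the same attack surface.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Each PR this produces still has to pass CI and a human review before merging, which is exactly the point made above about not automating the last step: a lockfile bump can pull in a breaking change or, in the worst case, a malicious release, so treat the PR as a proposal rather than as the fix itself.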

Yash Dave

dependabot.com/ is worth a look; you should check this out!