Hi from the Dependabot team! We're working on a fix for the Typescript @types problem that should be available very soon.
Dependabot was created with the philosophy that staying up to date all the time is the best strategy. The main reason for that is because if you wait to update until there's a CVE, there's a chance that you'll be so far…
Thanks for your comment! I'm Justin Hutchings, the author of that blog, and you're right that it was pretty narrowly focused on dependencies. We've been making a concerted effort to post about a number of security…
Code scanning itself isn't language specific. There are open source and commerical tools for many languages available. CodeQL is GitHub's first party tool, and it supports C, C++, C#, Go, Java, JavaScript, Typescript,…
Hi from the Dependabot team! We're working on a fix for the Typescript @types problem that should be available very soon.
Dependabot was created with the philosophy that staying up to date all the time is the best strategy. The main reason for that is because if you wait to update until there's a CVE, there's a chance that you'll be so far…
Thanks for your comment! I'm Justin Hutchings, the author of that blog, and you're right that it was pretty narrowly focused on dependencies. We've been making a concerted effort to post about a number of security…
Code scanning itself isn't language specific. There are open source and commerical tools for many languages available. CodeQL is GitHub's first party tool, and it supports C, C++, C#, Go, Java, JavaScript, Typescript,…