Add dependabot for security testing

Signed-off-by: thepetk <thepetk@gmail.com>
devfile · Feb 29, 2024 · 1b08b7e · 1b08b7e
1 parent 14f4e44
commit 1b08b7e
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/SECURITY-INSIGHTS.yaml b/SECURITY-INSIGHTS.yaml
@@ -15,16 +15,18 @@ project-lifecycle:
   - github:Jdubrick
   - github:thepetk
   release-cycle: https://github.com/devfile/alizer/blob/main/README.md#release-process
+security-testing:
+- tool-type: sca
+  tool-name: Dependabot
+  comment: |
+    Dependabot is enabled for this repo.
 contribution-policy:
   accepts-pull-requests: true
   accepts-automated-pull-requests: true
   contributing-policy: https://github.com/devfile/alizer/blob/main/CONTRIBUTING.md
   code-of-conduct: https://github.com/devfile/api/blob/main/CODE_OF_CONDUCT.md
 documentation:
 - https://github.com/devfile/alizer/blob/main/docs/public/alizer-spec.md
-security-contacts:
-- type: email
-  value: security@openssf.org
 dependencies:
   third-party-packages: true
   dependencies-lists: