I’m really bad at keeping my dependencies up-to-date manually, so Dependabot was great for me. I don’t use GitHub anymore though, and I haven’t really been able to find a good alternative.

I found Snyk, which seems to do that, but they only allow logging in with 3rd party providers which I’m not a big fan of.

Edit: seems like Snyk also only supports a few git hosts, and Codeberg isn’t one of them.

  • taaz@biglemmowski.win
    2 months ago

    AFAIK you can self-host the Renovate bot, though I don’t remember if it’s fully open source & self-contained.

  • Gamma@beehaw.org
    2 months ago

    Been using Renovate a few months now. On large repos it can take a while to run (the Git API is slow for certain pages when comparing commits), but it does seem to work well! It’s even got CVE notifications.