What is our primary use case?
My overall experience with GitHub Dependabot has been positive. When GitHub Dependabot was introduced in 2017, we did not consider it much at that time. However, in 2021, we started working with it and tried to clear some security issues and create pull requests by using GitHub Dependabot.
We were setting up an Azure DevOps pipeline where we could build Terraform and verify the modules, and in this way, we used GitHub Dependabot. Currently, we are not using it as much because it is already pre-developed. We just need to add the security patch. Apart from that, we are currently using GitHub Dependabot because I am in a different team. There are multiple teams involved in it, and we provide information about how it can work and what things they need to add to check the security and vulnerabilities of the code.
Those are the automations. We did not want to do more things; we just needed to set some alerts and vulnerabilities that GitHub will check automatically. It is private, and we are not providing any data outside the organization.
What is most valuable?
The best features in GitHub Dependabot include its use for vulnerabilities, and most of the things we use it for involve creating pull requests for those dependencies, which is why it is so appealing for customers.
The configuration options in GitHub Dependabot have greatly helped me tailor operations to meet my project's needs. We used the YAML file to configure everything, and we use what is called the actions environment, a GitHub environment. We use the GitHub environment to configure the confidential data.
What needs improvement?
I do not think there is anything that could be improved about the solution.
For how long have I used the solution?
I do not know exactly how much time it takes, because we do not consider GitHub Dependabot afterwards, as it is automated. We just need it to provide the vulnerabilities. It takes maybe three to ten minutes max, depending on the project structure and how many dependencies it uses.
What do I think about the stability of the solution?
We found some issues, but they get easily resolved. We are not blocked due to any of the issues.
What do I think about the scalability of the solution?
There are some issues only with the connection to some repositories because some repositories have major confidential information. We do not want to implement these bots to track that code.
How are customer service and support?
I rate the overall technical support of GitHub as good, and I rate it an eight.
How would you rate customer service and support?
What other advice do I have?
I do not use GitHub Dependabot compatibility testing; I do not use this feature. My overall review rating for this product is eight.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other