---
title: "Dependency Update Scan"
ring: trial
quadrant: methods-and-patterns
tags: [security, ci/cd]
---

Tools for automated dependency updates continue to offer a big productivity gain when integrated well into the build workflow.

Nonetheless, this does not come without a word of warning.
While it's great in theory, constant updates might quickly lead to a bombardment of merge requests.
It is crucial that the chosen tools work reliably and are really well integrated. Otherwise, this might become overwhelming for teams.
As an alternative, we have also had good experience with disabling automatic merge requests and just manually triggering a job when we wanted to take care of the updates.