Is Dependabot able to scan Docker/OCI images? #128902
Unanswered
53845714nF asked this question in Code Security
Replies: 0 comments
Topic area: Question
I have just read the GitHub Dependabot docs.
If I understand correctly, Dependabot is able to scan my repo, including my Dockerfile.
It is also able to log in to my registry to make updates.
But does it also look directly into the images? It could be that my base image is compromised.
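For readers arriving at this unanswered question: the configuration below is an added illustration, not part of the original discussion and not GitHub's own example. It shows the shape of a `.github/dependabot.yml` that enables the `docker` package ecosystem (which watches the base-image references in a repository's Dockerfiles) and the `docker-registry` entry that lets Dependabot authenticate to a private registry. The registry URL and the secret names are placeholders.

```yaml
# .github/dependabot.yml (illustrative; registry URL and secret names are placeholders)
version: 2

registries:
  # Credentials for a private registry, read from repository secrets
  # so that Dependabot can resolve tags it cannot see anonymously.
  private-registry:
    type: docker-registry
    url: https://registry.example.com        # placeholder
    username: ${{secrets.REGISTRY_USERNAME}} # placeholder secret name
    password: ${{secrets.REGISTRY_PASSWORD}} # placeholder secret name

updates:
  # Watch FROM lines in Dockerfiles under the repository root and open
  # pull requests when a newer tag of the referenced image is published.
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"
    registries:
      - private-registry
```

What this configuration acts on is the image reference written in the Dockerfile (name, tag and, if present, digest), which is the unit Dependabot proposes to update; it is a complement to, not a substitute for, scanning the pulled image's contents with an image-scanning tool.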