ci-templates

Dependabot Security Workflow

Reusable GitHub Actions workflow to handle Dependabot PRs across the org.

Features:

Only runs for PRs opened by dependabot[bot]
Creates or reuses a tracking issue (labels: dependabot, security if GHSA)
Mentions a configurable team/users
Optionally auto-merges the PR after all checks pass

Usage

# .github/workflows/dependabot-security.yml
name: Dependabot security

on:
  pull_request:
    types: [opened, reopened, synchronize]

permissions:
  issues: write
  contents: write
  pull-requests: write
  checks: read
  statuses: read

jobs:
  dependabot-security:
    uses: corbado/ci-templates/.github/workflows/dependabot-security.yml@main
    secrets:
      repo-token: ${{ secrets.GITHUB_TOKEN }}
    with:
      auto-merge: true # or false for "issue only"
      team_mention: "@Dopeamin / @snacker81" # optional override

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
.github/workflows		.github/workflows
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

ci-templates

Dependabot Security Workflow

Usage

About

Uh oh!

Releases

Packages

corbado/ci-templates

Folders and files

Latest commit

History

Repository files navigation

ci-templates

Dependabot Security Workflow

Usage

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Packages