Securing blog code repositories
If your code uses any managed dependencies via Composer or npm, you are required to enable Dependabot workflows on the repository you create in the wptrainingteam GitHub organization. This ensures that any dependencies used in these repositories are kept up to date, minimizing the chance of security issues. Dependabot can be configured to regularly check for updates and create pull requests to update the dependencies, notify you to review and merge the pull request, or automatically merge it on your behalf.
To ensure Dependabot is correctly enabled and configured, follow these steps.
- (required) Enable branch protection rules on the default branch of your repository.
- (required) Add the Dependabot configuration to your repository.
- (optional) Add the auto-approve and auto-merge workflows.
In some cases, the auto-merge workflow might fail due to conflicts. In such cases, you will need to manually review and merge the pull requests created by Dependabot; see [Auto-merge failures and merge conflicts](Auto-merge failures and merge conflicts).
Monthly meetings take place on the first Thursday of every month in the #core-dev-blog Slack channel or the #core-dev-blog room on the community Matrix.