Github에서 취약점 자동 검사

.github/dependabot.yml

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/frontend"
    target-branch: "main"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 10
    labels:
      - "dependencies"

  - package-ecosystem: "gradle"
    directory: "/backend"
    target-branch: "main"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 10
    labels:
      - "dependencies"

  - package-ecosystem: "github-actions"
    directory: "/"
    target-branch: "main"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 5
    labels:
      - "dependencies"

설정 설명:

• directory: /frontend - frontend 디렉토리의 npm 의존성 모니터링
• target-branch: main - Dependabot PR이 main 브랜치를 대상으로 생성됨
• schedule: 매주 월요일마다 자동으로 의존성 체크
• open-pull-requests-limit: 동시에 열 수 있는 PR의 최대 개수 10개
• labels: PR에 "dependencies" 라벨 자동 추가