I'll suggest adding supply chain security checks and dependabot.
Yeah, that's a good one.
On top of enabling dependabot there must be a commitment to review and fix its suggestions though! So many projects have its PRs pending but there is no action at all.
My project olynpm.fresnosa.tech/ (now mostly defunct) was an attempt to get a take on that with progress reporting, i.e. olynpm.fresnosa.tech/report?i…
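The "pending Dependabot PRs with no action" problem above is easy to measure. The script below is an added example (not code from this thread or from the olynpm project): it takes a list of open pull requests in the shape GitHub's `GET /repos/{owner}/{repo}/pulls` endpoint returns (only `number`, `title`, `created_at` and `user.login` are used), picks out the ones opened by Dependabot, and reports which have sat unreviewed longer than a chosen deadline. The pull-request data, the 14-day deadline and the fixed "now" timestamp are all constructed for the example.

```python
"""Report Dependabot pull requests that have been left open past a review deadline.

Added example, not code from the thread or from olynpm. Input is a list of
dicts shaped like GitHub's pull-request listing (`number`, `title`,
`created_at`, `user.login`); fetching that listing is left to the caller.
"""
from datetime import datetime, timezone

# GitHub logins used by Dependabot's bot account (current and legacy preview).
DEPENDABOT_LOGINS = {"dependabot[bot]", "dependabot-preview[bot]"}

# Constructed sample: four open PRs as an API listing might show them.
SAMPLE_PRS = [
    {"number": 101, "title": "Bump lodash from 4.17.20 to 4.17.21",
     "created_at": "2024-02-01T00:00:00Z", "user": {"login": "dependabot[bot]"}},
    {"number": 102, "title": "Add login rate limiting",
     "created_at": "2024-02-20T00:00:00Z", "user": {"login": "alice"}},
    {"number": 103, "title": "Bump express from 4.18.1 to 4.18.2",
     "created_at": "2024-02-25T00:00:00Z", "user": {"login": "dependabot[bot]"}},
    {"number": 104, "title": "Bump minimist from 1.2.5 to 1.2.6",
     "created_at": "2024-01-15T00:00:00Z", "user": {"login": "dependabot-preview[bot]"}},
]

# Constructed reference time so the example is reproducible offline.
SAMPLE_NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)


def parse_github_time(value):
    """Parse an ISO 8601 timestamp as GitHub emits it (trailing 'Z' for UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def is_dependabot(pr):
    """True if the PR was opened by one of Dependabot's bot accounts."""
    return pr.get("user", {}).get("login") in DEPENDABOT_LOGINS


def stale_dependabot_prs(prs, now, max_age_days=14):
    """Return (number, title, age_in_days) for Dependabot PRs open longer than max_age_days.

    Oldest first, so the report leads with the longest-ignored update.
    """
    stale = []
    for pr in prs:
        if not is_dependabot(pr):
            continue
        age = (now - parse_github_time(pr["created_at"])).days
        if age > max_age_days:
            stale.append((pr["number"], pr["title"], age))
    return sorted(stale, key=lambda item: item[2], reverse=True)


def summary(prs, now, max_age_days=14):
    """Counts a progress report would show: how many bot PRs exist and how many are overdue."""
    total = sum(1 for pr in prs if is_dependabot(pr))
    stale = len(stale_dependabot_prs(prs, now, max_age_days))
    return {"dependabot_open": total, "stale": stale, "within_deadline": total - stale}


if __name__ == "__main__":
    for number, title, age in stale_dependabot_prs(SAMPLE_PRS, SAMPLE_NOW):
        print(f"#{number} open {age} days: {title}")
    print(summary(SAMPLE_PRS, SAMPLE_NOW))
```

Run against a real listing, this turns "we enabled Dependabot" into a number that can be tracked over time, which is the commitment the post is asking for; a non-zero stale count on a project's dashboard is the signal that the PRs are being generated but not acted on.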