Community AMA featuring Harry Marr and Dependabot 2021-03-25

What: Join Engineering Manager and Co-Founder of Dependabot Harry Marr on our first GitHub Security Community AMA, an hour of learning and discussion about Dependabot.

  • Keeping dependencies updated is a crucial part of securing your software supply chain, whether you’re working on an open source project or a large enterprise. Dependabot helps keep your dependencies up-to-date.

Where: The AMA will take place as here in this event topic.

Event will be opened 10 minutes before the start time.

More Information: For more information about GitHub’s security features check out our feature docs page.

:space_invader:

7 Likes

More about @hmarr:

Hello! I’m Harry

I’m an engineering manager at GitHub, and the co-founder of Dependabot, a friendly robot that keeps software dependencies up to date.

Previously, I helped build Monzo and GoCardless.

I go by @hmarr on GitHub and most other places (except Twitter, where I’m @harrymarr.)

5 Likes

hello am abdulazeez i study code

2 Likes

We are so excited to kick off this event tomorrow! A quick change to the format: The Q&A will be held right here in this event post! If you are reading this… you are in the right place :grinning_face_with_smiling_eyes:

I’m locking this post for now and will reopen it for you to post questions. Unlocking will happen on event day at 9:20pm UTC.

Share this event with your friends for a chance to win some awesome swag…send your shared screenshot to andreagriffiths11@github.com to be entered in the swag promotion.

See you tomorrow.
:space_invader:

3 Likes

Topic is now open and will remain so until the AMA is over at which time it will revert to read-only mode! We’ll start at 9:30pm UTC | 2:30pm PT.

:space_invader:

3 Likes

Welcome to the GitHub community AMA, we are excited to be joined by Engineering Manager and Co-Founder of Dependabot Harry Marr .

We are standing by live to answer your questions. To submit a question, click “Reply”.

All participants will be awarded the new AMA badge and are eligible for a random swag drop (form link posted at the end)

3 Likes

Hi folks! I’m Harry. I’m co-founded Dependabot back in 2017 and now work at GitHub as the engineering manager for the Dependabot team. Before Dependabot, I spent most of my career working in fintech startups in the UK.

Feel free to ask me anything about Dependabot, GitHub, or whatever else comes to mind!

5 Likes

Hello guys
I am very happy to join you now

Warm congratulations to Harry

2 Likes

Welcome, @myn97! Thanks for being here.

1 Like

Hello everyone :grin:

2 Likes

Hi welcome @ChristianPineda, welcome thank you for joining!

1 Like

@hmarr How do you build Dependabot? and why? only for automation?

1 Like

hi all hope everyone is good

3 Likes

Hi Christian! Dependabot actually grew out of an internal tool that I helped build at a past company I worked at. We were spending a lot of time manually upgrading dependencies, so wrote a small cron job to automate upgrades of Ruby gems.

After leaving that company @greysteil, @feelepxyz and I figured that other developers could benefit from the tool too, so we built Dependabot. It’s a lot more complex than a simple cron job now – as part of GitHub it’s active on millions of repositories so handling the scale has required quite a bit of work, but it’s still fundamentally the same idea.

A lot of the code lives in GitHub - dependabot/dependabot-core: 🤖 The core logic behind Dependabot's update PR creation, and the public issue tracker for all things Dependabot so you can peer under the hood and take a look if you’re interested!

6 Likes

Good morning (or evening if you are in America) everyone! Hope everyone is having a good time. I have never used Dependabot before, so I came here just to ask @hmarr how it works, in hopes of using it more often in my projects. Thanks!

1 Like

It has doubled the size of Dependabot’s team; expect lots of great improvements over the coming months…

This is great work. Can you tell us about these improvements

1 Like