From 241a17891013ec5fff8aa65e52b2680a1eb6d245 Mon Sep 17 00:00:00 2001
From: Thomas Vuillaume <thomas.vuillaume@lapp.in2p3.fr>
Date: Wed, 7 Jan 2026 14:04:02 +0100
Subject: [PATCH 1/3] Add indicators for dependabot (#163)

---
 data/software-tools/dependabot.json | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/data/software-tools/dependabot.json b/data/software-tools/dependabot.json
index 3968f473..299a0d44 100644
--- a/data/software-tools/dependabot.json
+++ b/data/software-tools/dependabot.json
@@ -21,12 +21,24 @@
   ],
   "description": "Automated dependency management service that continuously monitors research software dependencies for security vulnerabilities and updates, maintaining software security and reducing technical debt for long-term sustainability.",
   "hasQualityDimension": [
-    { "@id": "dim:security", "@type": "@id" },
-    { "@id": "dim:maintainability", "@type": "@id" }
+    {
+      "@id": "dim:security",
+      "@type": "@id"
+    },
+    {
+      "@id": "dim:maintainability",
+      "@type": "@id"
+    }
   ],
   "howToUse": ["CI/CD", "command-line"],
   "isAccessibleForFree": true,
   "license": "https://spdx.org/licenses/MIT",
   "name": "Dependabot",
-  "url": "https://github.com/dependabot"
+  "url": "https://github.com/dependabot",
+  "measuresQualityIndicator": [
+    {
+      "@id": "https://w3id.org/everse/i/indicators/dependency_management",
+      "@type": "@id"
+    }
+  ]
 }

From dd17d35e237dd136bc8a83a9de9111aa84e276e1 Mon Sep 17 00:00:00 2001
From: Thomas Vuillaume <thomas.vuillaume@lapp.in2p3.fr>
Date: Wed, 1 Apr 2026 09:29:49 +0200
Subject: [PATCH 2/3] add static_analysis_common_vulnerabilities to measured
 indicators of dependabot

---
 data/software-tools/dependabot.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/data/software-tools/dependabot.json b/data/software-tools/dependabot.json
index 299a0d44..8d4e14c2 100644
--- a/data/software-tools/dependabot.json
+++ b/data/software-tools/dependabot.json
@@ -36,9 +36,9 @@
   "name": "Dependabot",
   "url": "https://github.com/dependabot",
   "measuresQualityIndicator": [
-    {
-      "@id": "https://w3id.org/everse/i/indicators/dependency_management",
-      "@type": "@id"
-    }
+      "https://w3id.org/everse/i/indicators/dependency_management",
+  ],
+  "rs:improvesQualityIndicator": [
+      "https://w3id.org/everse/i/indicators/static_analysis_common_vulnerabilities"
   ]
 }

From 4d981fc2634c4d701002ae63a0549e3f133cfbb3 Mon Sep 17 00:00:00 2001
From: Thomas Vuillaume <thomas.vuillaume@lapp.in2p3.fr>
Date: Wed, 1 Apr 2026 09:30:54 +0200
Subject: [PATCH 3/3] Fix JSON structure for Dependabot indicators

---
 data/software-tools/dependabot.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/software-tools/dependabot.json b/data/software-tools/dependabot.json
index 8d4e14c2..8194b34e 100644
--- a/data/software-tools/dependabot.json
+++ b/data/software-tools/dependabot.json
@@ -36,9 +36,9 @@
   "name": "Dependabot",
   "url": "https://github.com/dependabot",
   "measuresQualityIndicator": [
-      "https://w3id.org/everse/i/indicators/dependency_management",
+      "https://w3id.org/everse/i/indicators/dependency_management"
   ],
-  "rs:improvesQualityIndicator": [
+  "improvesQualityIndicator": [
       "https://w3id.org/everse/i/indicators/static_analysis_common_vulnerabilities"
   ]
 }