
What is the purpose of this repo? #92

@prabhu

Thank you for trying both scan and ShiftLeft nextgen with this repo. However, I am finding it a bit difficult to understand the true purpose of this repo since I'm not seeing any development activity. To make matters worse, the dependency bot used in this repo is creating way too many PRs and force pushes, resulting in 3 builds per push, an average of 6 build minutes (roughly 2 min each) per event.

Looking at the history, there have been around 800 such builds and 100 automated PRs.

The recent performance problems with GitHub Actions and API are well known. While there is no cost involved because of this repo being public, turning off the noisy dependency bot in fact would help the wider open-source community since those 1000s of compute minutes can be used for something more useful.

Meanwhile, I'm enhancing scan to detect such automated PRs and skip performing the scan as part of issue 192. Please get in touch with me via this issue or by email if you do not want us to turn off scans for bot-based PRs.
