nicholasdille
diff --git a/‎170_supply_chain_security/renovate/slides.md
+38-28 b/‎170_supply_chain_security/renovate/slides.md
+38-28
diff --git a/‎2024-01-31_Devsmeetup-Dependency-Updates.html
+3-3 b/‎2024-01-31_Devsmeetup-Dependency-Updates.html
+3-3
diff --git a/‎images/favicons/renovate.ico
14.7 KB b/‎images/favicons/renovate.ico
14.7 KB
diff --git a/‎images/logos/renovate.png
5.5 KB b/‎images/logos/renovate.png
5.5 KB
@@ -62,9 +62,11 @@ Versions stored in variables in scripts
 
 ![](images/tenor-this-is-fine-gif-24177057.gif) <!-- .element: style="float: right; width: 40%;" -->
 
-### Provides visibility
+SBOM is an inventory of dependencies
 
-The world is on fire
+Provides visibility
+
+Can be matched against known vulnerabilities
 
 ### Auditing is the last resort
 
@@ -130,6 +132,8 @@ Outdated requirements.txt for Python tools
 
 ## Automated dependency updates
 
+![](images/logos/renovate.png) <!-- .element: style="float: right;" -->
+
 ### Enter Renovate
 
 Open Source implemented in TypeScript [](https://github.com/renovatebot/renovate)
@@ -150,14 +154,18 @@ Proposes update in pull/merge requests
 
 ## Renovate Features
 
-**Platforms**: Azure DevOps (Server), BitBucket, AWS CodeCommit, Gitea/Forgjo, GitHub, GitLab
+![](images/logos/renovate.png) <!-- .element: style="float: right;" -->
+
+**Platforms**: Azure DevOps (Server), BitBucket, AWS CodeCommit, Gitea/Forgejo, GitHub, GitLab
 
 **Datasources**: crate, docker, git-tags, gitea-releases, github-releases, gitlab-releases, go, helm, maven, npm, nuget, pypi, rubygems (and dozens more)
 
 Custom Managers for special use cases
 
 **Deployment options**: GitHub App, Self-hosted
 
+### Implications
+
 Powerful but complex
 
 Initially many and/or breaking updates
@@ -204,19 +212,23 @@ Enable automerge for them
 
 ## Monitoring
 
-XXX
+Nothing out-of-the-box
 
 ### Operations
 
-XXX filter log for errors / failures
+Filter log for errors / failures for...
+
+- Configuration errors
+- Permission issues
+- Rate limits
 
 ### Up-to-dateness
 
-XXX
+Failures will show in the log
 
 ### Security
 
-XXX SBOM
+Create and analyze SBOM
 
 ---
 
@@ -249,39 +261,37 @@ Ships with regex to match comment above and configure Renovate
 
 ---
 
-## Vulnerability Alerts
-
-XXX
+## Merge Confidence
 
-XXX Integration with GitHub and Dependabot to show updates addressing security alerts [](https://docs.renovatebot.com/configuration-options/#vulnerabilityalerts)
+Merge Confidence [](https://docs.renovatebot.com/merge-confidence/) supports merge decisions
 
-### Requirements
+Based on data collect from countless PRs on GitHub
 
-https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph
+Supported ecosystems: Go, JavaScript, Java, Python, .NET, PHP, Ruby
 
-https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository
+### Information provided
 
----
+**Age** of the package
 
-## Merge Confidence
+**Adoption** percentage for other Renovate users with this release
 
-XXX
+**Passing** percentage of updates with successful checks
 
-XXX Merge Confidence [](https://docs.renovatebot.com/merge-confidence/) supports merge decisions for many languages
+**Confidence** calculated by proprietary algorithm
 
-XXX collect data from countless PRs
+---
 
-XXX supported languages: go, javascript/npm, java/maven, python/pypi, .NET/nuget, PHP/packagist, ruby/rubygems
+## Vulnerability Alerts
 
-### Information
+Show updates addressing security alerts [](https://docs.renovatebot.com/configuration-options/#vulnerabilityalerts)
 
-XXX age of the package
+Integrates with GitHub and Dependabot
 
-XXX adoption: percentage of Renovate users with this release
+### Requirements
 
-XXX passing: percentage of updates with successful checks
+Enable GitHub Dependency Grapg [](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph#enabling-the-dependency-graph)
 
-XXX confidence: result of proprietary algorithm
+Enable alert from Dependabot [](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository)
 
 ---
 
@@ -319,11 +329,11 @@ over 6.725 merged PRs
 
 ~9 PRs per day
 
-90% merged after ~1min (~6.050 PRs)
+90% merged after ~1min (6.050 PRs)
 
-95% merged after ~3min (~6.390 PRs)
+95% merged after ~3min (6.390 PRs)
 
-98% merged after ~10min (~6.590 PRs)
+98% merged after ~10min (6.590 PRs)
 
 ---
 
 
@@ -7,7 +7,7 @@
 <title>Dependency Updates</title>
 
 <!-- https://gauger.io/fonticon/ -->
-<link rel="icon" href="images/kubernetes.ico"/>
+<link rel="icon" href="images/favicons/renovate.ico"/>
 
 <link rel="stylesheet" href="media/[email protected]/dist/reveal.css"/>
 <link rel="stylesheet" href="media/[email protected]/font.css"/>
@@ -55,7 +55,7 @@
 - <span class="fa-li"><i class="fa-duotone fa-link"></i></span> Ops and Devs require many dependencies
 - <span class="fa-li"><i class="fa-duotone fa-lock-keyhole"></i></span> Dependencies introduce (additional) security issues
 - <span class="fa-li"><i class="fa-duotone fa-arrows-rotate"></i></span> Automated updates help stay on top
-- <span class="fa-li"><i class="fa-duotone fa-crosshairs"></i></span> Automerging takes the load off devs/ops...
+- <span class="fa-li"><i class="fa-duotone fa-crosshairs"></i></span> Automerging takes the load off dev and ops...
 - <span class="fa-li"><i class="fa-duotone fa-magnifying-glass-chart"></i></span> ...but requires thorough testing
 
 <!-- .element: class="fa-ul" style="line-height: 1.5em;" -->
@@ -68,7 +68,7 @@
 
 2024-04-10 heise Workshop: [Einführung in GitLab](https://heise-academy.de/schulungen/einfuehrung-in-gitlab)
 
-2024-04-16 [Mastering GitOps](https://www.mastering-gitops.de) - [GitOps und RenovateBot: Die Zukunft der automatisierten Promotion?](https://www.mastering-gitops.de/veranstaltung-21902-se-0-gitops-und-renovatebot-die-zukunft-der-automatisierten-promotion.html)
+2024-04-16 [Mastering GitOps](https://www.mastering-gitops.de) - [GitOps und RenovateBot](https://www.mastering-gitops.de/veranstaltung-21902-se-0-gitops-und-renovatebot-die-zukunft-der-automatisierten-promotion.html)
 
 2024-04-17+24 heise Workshop: [CI/CD mit GitLab](https://heise-academy.de/schulungen/cicd-gitlab)
 </textarea></section>