Hi, I've worked with INFRA to enable GitHub dependabot alerts for various Apache projects. The idea is that the GitHub committers for a given project can have access to the page on GitHub (for example for CXF: https://github.com/apache/cxf/security/dependabot) which shows the list of dependencies for the project with known CVEs.
I plan to do the same for Camel on these repos: https://github.com/apache/camel https://github.com/apache/camel-karaf https://github.com/apache/camel-quarkus https://github.com/apache/camel-spring-boot Any objections or anything I'm missing? If not I'll proceed with enabling it. Colm.
