I would like to leverage the "security features" of GitHub like Dependabot alerts and Code scanning alerts.
First question: Do we want this? Does anyone object? Second question: Is this possible with our GitHub setup? I known that this question might be better suited for the infra list, but OTOH I know that some infra guys are here as well. While Dependabot seems to be only a matter of activating which might be easy I understand that The Code scanning alerts run as GitHub actions and I am not sure if we can use GitHub actions or what the limits are as for the CI stuff we use Travis. Regards RĂ¼diger
