Dependabot

Export Dependabot alerts from GitHub, then run ca9 reachability analysis locally or in CI.

gh api repos/{owner}/{repo}/dependabot/alerts > dependabot.json
ca9 check dependabot.json --repo .

With coverage

coverage run -m pytest
coverage json -o coverage.json
ca9 check dependabot.json --repo . --coverage coverage.json

Upload to GitHub code scanning

ca9 check dependabot.json --repo . -f sarif -o ca9.sarif

Upload ca9.sarif with github/codeql-action/upload-sarif.
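
Before passing the export to `ca9 check`, it is worth confirming that `dependabot.json` is a usable alert list. This is an added example, not part of ca9 or the original page. It assumes the field names of GitHub's Dependabot alerts REST API and its default page size of 30; `check_export` and the sample data are hypothetical and constructed for illustration.

```python
import json
import sys
from collections import Counter

# Constructed sample data (not real alerts), trimmed to the fields read below.
SAMPLE_EXPORT = json.dumps([
    {"number": 1, "state": "open",
     "dependency": {"package": {"ecosystem": "pip", "name": "examplepkg"}},
     "security_advisory": {"ghsa_id": "GHSA-xxxx-xxxx-xxxx", "severity": "high"}},
    {"number": 2, "state": "fixed",
     "dependency": {"package": {"ecosystem": "pip", "name": "otherpkg"}},
     "security_advisory": {"ghsa_id": "GHSA-yyyy-yyyy-yyyy", "severity": "low"}},
])
# Shape of the body gh api prints when the request fails (constructed).
SAMPLE_ERROR = json.dumps({"message": "Not Found", "status": "404"})


def _package(alert):
    pkg = alert.get("dependency", {}).get("package", {})
    return f"{pkg.get('ecosystem', '?')}:{pkg.get('name', '?')}"


def check_export(text, page_size=30):
    """Return a summary of an alerts export, or raise ValueError if unusable."""
    try:
        data = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"export is not valid JSON: {exc}") from exc
    if isinstance(data, dict):  # error body redirected into the file
        raise ValueError(f"API error, not an alert list: {data.get('message', data)}")
    if not isinstance(data, list) or not all(isinstance(a, dict) for a in data):
        raise ValueError("expected a JSON array of alert objects")
    open_alerts = [a for a in data if a.get("state") == "open"]
    severities = Counter(
        a.get("security_advisory", {}).get("severity", "unknown") for a in open_alerts)
    return {
        "total": len(data),
        "open": len(open_alerts),
        "by_severity": dict(severities),
        "packages": sorted({_package(a) for a in open_alerts}),
        # Exactly one full page usually means later pages were not fetched.
        "maybe_truncated": len(data) == page_size,
    }


if __name__ == "__main__":
    # With no argument, run on the constructed sample instead of a real export.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    print(json.dumps(check_export(text), indent=2))
```

If `maybe_truncated` is true, re-export with `gh api --paginate` so that alerts beyond the first page are included.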