
docs: add GitHub Dependabot comparison to comparison.md #255

Merged
sonukapoor merged 1 commit into main from docs/issue-254-dependabot-comparison
Apr 29, 2026

Conversation

@sonukapoor
Collaborator

Adds a dedicated CVE Lite CLI vs GitHub Dependabot section to docs/comparison.md, prompted by issue #249 where a user compared results and defaulted to trusting Dependabot.

  • Adds Dependabot as a column in both comparison tables
  • Explains why scan results may differ (OSV ingests GHSA, so it's not a coverage gap — the real causes are ingestion timing, version range matching, and transitive classification methodology)
  • Documents five concrete areas where CVE Lite goes further: developer-time scanning, validated fix commands, fix version validation, usage-aware reachability, and offline support
  • Honest about where Dependabot has the edge (automation, multi-ecosystem, GitHub-native UI)
  • Closes with a complementary use framing

Closes #254

@sonukapoor sonukapoor merged commit b5af066 into main Apr 29, 2026
4 checks passed
@sonukapoor sonukapoor deleted the docs/issue-254-dependabot-comparison branch April 29, 2026 01:31
Development

Successfully merging this pull request may close these issues.

docs: add GitHub Dependabot comparison to docs/comparison.md