feat: add auto merge of PRs

wurstbrot · wurstbrot · commit 8f9ea61b80c2 · 2024-04-04T14:01:04.000+02:00
diff --git a/src/assets/YAML/default/BuildAndDeployment/PatchManagement.yaml b/src/assets/YAML/default/BuildAndDeployment/PatchManagement.yaml
@@ -204,3 +204,31 @@ Build and Deployment:
       isImplemented: false
       evidence: ""
       comments: ""
+  Automated merge of automated PRs:
+    uuid: f2594f8f-1cd6-45f9-af29-eaf3315698eb
+    description: |-
+      Automated merges of automated created PRs for outdated dependencies.
+    risk:
+      Vulnerabilities in running containers stay for too long and might get
+      exploited.
+    measure: |
+      A good practice is to merge trusted dependencies (e.g. spring boot) after a grace period like one week.
+      Often, patches, fixes and minor updates are automatically merged. Be aware that automated merging requires a high
+      automated test coverage.
+    difficultyOfImplementation:
+      knowledge: 2
+      time: 1
+      resources: 1
+    usefulness: 3
+    level: 2
+    implementation:
+      - $ref: src/assets/YAML/default/implementations.yaml#/implementations/dependabot
+      - $ref: src/assets/YAML/default/implementations.yaml#/implementations/renovate
+    references:
+      samm2:
+        - O-EM-2-B
+      iso27001-2017:
+        - 12.6.1
+      iso27001-2022:
+        - 8.8
+    comments: ""
diff --git a/src/assets/YAML/default/implementations.yaml b/src/assets/YAML/default/implementations.yaml
@@ -83,8 +83,13 @@ implementations:
   dependabot:
     uuid: d6292c7d-aab7-43d3-a7c6-1e443b5c1aa4
     name: dependabot
-    tags: []
+    tags: ["auto-pr", "patching"]
     url: https://dependabot.com/
+  renovate:
+    uuid: 8228266e-e04f-40ba-94c8-bfadc5310920
+    name: renovate
+    tags: ["auto-pr", "patching"]
+    url: https://github.com/renovatebot/renovate
   jenkins:
     uuid: 42ddb49f-48f2-4a3a-b76a-e73104ac6971
     name: Jenkins
