Dependabot is really nice. I activated it on my repo and it created a PR with the updated dependency, showing the "crowd sourced" chance it could be integrated safely.
Semmle(LGTM) could be useful on a big codebase but for a simple webapp it didn't provide anything interesting.