Table of contents
- Create Dependency Scan Prompts
- Schedule Regular Scans
- Plan Safe Upgrades
- Automate Safe Updates
- Example Configurations
- Next Steps
- FAQ
## Create Dependency Scan Prompts

Create `~/.openclaw/workspace/prompts/deps-scan.md`:

```markdown
# Dependency Security Scan

Scan all package files for:
- Outdated dependencies
- Known vulnerabilities (CVEs)
- License compatibility issues
- Deprecated packages

Report severity levels and suggest upgrade paths.
```
## Schedule Regular Scans

Add to `~/.openclaw/openclaw.json`:

```json
{
  "automation": {
    "deps-scan": {
      "schedule": "0 2 * * 1",
      "prompt": "file:prompts/deps-scan.md",
      "target": "slack"
    }
  }
}
```

Runs every Monday at 2 AM.
## Plan Safe Upgrades

Create `~/.openclaw/workspace/prompts/deps-upgrade.md`:

```markdown
# Dependency Upgrade Plan

For outdated packages:
1. Check breaking changes in release notes
2. Test in staging environment
3. Create rollback plan
4. Schedule maintenance window
5. Deploy with monitoring

Require approval for production upgrades.
```
## Automate Safe Updates

Configure automatic updates for non-breaking changes:

```json
{
  "automation": {
    "deps-update": {
      "schedule": "0 3 * * 0",
      "prompt": "file:prompts/deps-update.md",
      "autoApprove": false,
      "target": "slack"
    }
  }
}
```
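The two automation entries above are the kind of configuration that is easy to get subtly wrong (a schedule that does not mean what the comment says, a prompt path that points outside the workspace, or an `autoApprove` that silently removes the review step). The following linter is an added example, not OpenClaw's own code; it assumes `schedule` is a standard 5-field cron expression, that `file:` prompts resolve relative to `~/.openclaw/workspace`, and that `autoApprove` defaults to false.

```python
# Added example (not OpenClaw's own code): lint the "automation" entries shown on this page.
# Assumptions not stated by the page: "schedule" is a 5-field cron expression, "file:" prompts
# resolve relative to ~/.openclaw/workspace, and "autoApprove" defaults to false.
import json
import re
from pathlib import Path

# Constructed sample: the two entries from this page merged into one openclaw.json.
SAMPLE_CONFIG = """{"automation": {
  "deps-scan":   {"schedule": "0 2 * * 1", "prompt": "file:prompts/deps-scan.md", "target": "slack"},
  "deps-update": {"schedule": "0 3 * * 0", "prompt": "file:prompts/deps-update.md",
                  "autoApprove": false, "target": "slack"}
}}"""

DAYS = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]
CRON_FIELD = re.compile(r"^(\*|\d+)$")  # supported subset: a literal number or a wildcard

def describe_schedule(expr: str) -> str:
    """Render a 'minute hour * * dow' cron expression in the wording the page uses."""
    fields = expr.split()
    if len(fields) != 5 or not all(CRON_FIELD.match(f) for f in fields):
        raise ValueError(f"unsupported cron expression: {expr!r}")
    minute, hour, dom, month, dow = fields
    if "*" in (minute, hour) or dom != "*" or month != "*":
        raise ValueError(f"only 'minute hour * * dow' is supported: {expr!r}")
    h, m = int(hour), int(minute)
    mins = f":{m:02d}" if m else ""
    clock = f"{h % 12 or 12}{mins} {'AM' if h < 12 else 'PM'}"
    return f"every {'day' if dow == '*' else DAYS[int(dow) % 7]} at {clock}"

def lint_automation(config_text: str, workspace: str) -> list[str]:
    """Findings per entry: bad schedule, prompt path outside the workspace, missing prompt file,
    or auto-approval that would let upgrades run without the review the page requires."""
    ws = Path(workspace).resolve()
    findings = []
    for name, entry in json.loads(config_text)["automation"].items():
        try:
            describe_schedule(entry["schedule"])
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
        prompt = entry.get("prompt", "")
        if prompt.startswith("file:"):
            target = (ws / prompt[len("file:"):]).resolve()
            if not target.is_relative_to(ws):  # e.g. file:../../x would read outside the workspace
                findings.append(f"{name}: prompt path escapes the workspace: {prompt}")
            elif not target.is_file():
                findings.append(f"{name}: prompt file not found: {prompt}")
        if entry.get("autoApprove", False):
            findings.append(f"{name}: autoApprove is true; upgrades would run without approval")
    return findings
```

Run `lint_automation(open("~/.openclaw/openclaw.json").read(), "~/.openclaw/workspace")` with the paths expanded; an empty list means every entry parses, every prompt file exists inside the workspace, and nothing is auto-approved.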
## Example Configurations

### Node.js Project
- Check `package.json` for outdated deps
- Test upgrades with `npm test`
- Auto-update patch versions only

### Python Project
- Scan `requirements.txt` for security issues
- Check PyPI for latest versions
- Update pip packages in a virtualenv

### Docker Environment
- Scan base images for vulnerabilities
- Update base images with security patches
- Monitor container registry updates
## Next Steps
## FAQ

**Q: How does OpenClaw detect vulnerabilities?**
A: It integrates with CVE databases and checks security advisories.

**Q: Can it update packages automatically?**
A: Yes, but it requires approval. Configure safe update rules.

**Q: What about private registries?**
A: Configure registry credentials and authentication tokens.

**Q: How are breaking changes handled?**
A: Upgrade plans include testing and rollback procedures.