Dependabot commits always fail ECA validation
In terms of what the service is checking, failure is the correct answer, but we should probably look at how we validate users to see if there is a clean way of handling accounts like dependabot (widespread usage external bots).