Dependabot
github.com
1
Leaving SiteNav
External Link Disclaimer
You are about to visit github.com. This website is not operated by us. We are not responsible for its content or privacy practices.
About this website
Dependabot is an automated dependency update tool integrated natively into the code hosting platform, created by Grey Baker and Harry Marr in 2017 and acquired by GitHub in 2019. Dependabot automatically scans repositories for outdated dependencies and security vulnerabilities, creating pull requests to update them. As of 2026, Dependabot is used by millions of repositories worldwide and is available for free to all public repositories and to private repositories with GitHub Enterprise. Key features include: security updates (automatically creating PRs when a dependency has a known vulnerability, checked against the GitHub Advisory Database for CVEs and GHSA advisories), version updates (configurable schedule for checking and creating PRs for outdated dependencies, defined via dependabot.yml configuration file), support for over 20 ecosystems including npm, pip, Bundler (Ruby), Composer (PHP), Cargo (Rust), Go modules, Maven (Java), Gradle, NuGet (.NET), Docker, GitHub Actions, Terraform, Elm, Swift, Mix (Elixir), pub (Dart), and npm sub-packages, automatic commit message and PR title generation following conventional commit conventions, auto-rebase capability (automatically rebasing outdated PRs when the base branch advances), reviewer and assignee assignment, label management, grouped updates (combining minor and patch updates into a single PR to reduce noise), ignore rules for specific packages or versions, and integration with GitHub Actions for CI/CD pipeline automation. Dependabot is configured via the .dependabot/config.yml (legacy) or .github/dependabot.yml file.
Tags & Categories
Categories
Tags
Statistics
1
Views
0
Clicks
0
Like
0
Dislike