Dependabot

Dependabot

github.com

1

About this website

Dependabot is an automated dependency update tool integrated natively into the code hosting platform, created by Grey Baker and Harry Marr in 2017 and acquired by GitHub in 2019. Dependabot automatically scans repositories for outdated dependencies and security vulnerabilities, creating pull requests to update them. As of 2026, Dependabot is used by millions of repositories worldwide and is available for free to all public repositories and to private repositories with GitHub Enterprise. Key features include: security updates (automatically creating PRs when a dependency has a known vulnerability, checked against the GitHub Advisory Database for CVEs and GHSA advisories), version updates (configurable schedule for checking and creating PRs for outdated dependencies, defined via dependabot.yml configuration file), support for over 20 ecosystems including npm, pip, Bundler (Ruby), Composer (PHP), Cargo (Rust), Go modules, Maven (Java), Gradle, NuGet (.NET), Docker, GitHub Actions, Terraform, Elm, Swift, Mix (Elixir), pub (Dart), and npm sub-packages, automatic commit message and PR title generation following conventional commit conventions, auto-rebase capability (automatically rebasing outdated PRs when the base branch advances), reviewer and assignee assignment, label management, grouped updates (combining minor and patch updates into a single PR to reduce noise), ignore rules for specific packages or versions, and integration with GitHub Actions for CI/CD pipeline automation. Dependabot is configured via the .dependabot/config.yml (legacy) or .github/dependabot.yml file.

Tags & Categories

Categories

Tags

Statistics

1
Views
0
Clicks
0
Like
0
Dislike

Comments

Log In to post a comment

No comments yet. Be the first!