Working with Dependabot
Guidance and recommendations for working with Dependabot, such as managing pull requests raised by Dependabot, using GitHub Actions with Dependabot, and troubleshooting Dependabot errors.
Managing pull requests for dependency updates
You manage pull requests raised by Dependabot in much the same way as other pull requests, but there are some extra options.
About Dependabot on GitHub Actions runners
GitHub automatically runs the jobs that generate Dependabot pull requests on GitHub Actions if you have GitHub Actions enabled for the repository.
Managing Dependabot on self-hosted runners
You can configure self-hosted runners that Dependabot uses to access your private registries and internal network resources.
Automating Dependabot with GitHub Actions
Examples of how you can use GitHub Actions to automate common Dependabot-related tasks.
Keeping your actions up to date with Dependabot
You can use Dependabot to keep the actions you use updated to the latest versions.
Configuring access to private registries for Dependabot
You can configure Dependabot to access dependencies stored in private registries. You can store authentication information, like passwords and access tokens, as encrypted secrets and then reference these in the Dependabot configuration file. If you have registries on private networks, you can also configure Dependabot access when running Dependabot on self-hosted runners.
Guidance for the configuration of private registries for Dependabot
This article contains detailed information about configuring private registries, as well as commands you can run from the command line to configure your package managers locally.
Removing Dependabot access to public registries
Examples of how you can configure Dependabot to only access private registries by removing calls to public registries.
Viewing Dependabot job logs
To support debugging of Dependabot pull requests, GitHub Enterprise Cloud provides logs of all Dependabot jobs.
Troubleshooting the detection of vulnerable dependencies
If the dependency information reported by GitHub Enterprise Cloud is not what you expected, there are a number of points to consider, and various things you can check.
Troubleshooting Dependabot errors
Sometimes Dependabot is unable to raise a pull request to update your dependencies. You can review the error and unblock Dependabot.
Troubleshooting Dependabot on GitHub Actions
This article provides troubleshooting information for issues you may encounter when using Dependabot with GitHub Actions.