Dependabot

Dependabot Demo Repository

This repo contains some projects with outdated dependencies. Fork it to try out Dependabot :dependabot:!

Enabling Security Updates

  • In your fork, click the Settings tab
  • In the left hand side navigation, click Code security and analysis
  • Enable Dependabot security updates or Grouped security updates
  • Dependabot will now start creating PRs for detected security vulnerabilities
  • Go into the Security tab and click Dependabot in the left hand side navigation to see what Dependabot is working on
screenshot showing Dependabot working on Security Updates

After about 5 minutes you should see some PRs open. Merge them and the Securty Alerts will close 🎉

Enabling Version Updates

This demo includes a dependabot.yml which configures Version Updates, but forks don't automatically start with Dependabot enabled.

The enable Dependabot on your fork:

  • Click the Insights tab
  • In the left hand side navigation, click Dependency Graph
  • Click on the Dependabot tab
  • Click on the Enable Dependabot button
  • After a moment, refresh the page and you should see Dependabot hard at work
screenshot showing Dependabot working on Version Updates

After a few minutes, you should get some more PRs!