Search for a command to run...
Automated dependency update tool integrated into GitHub that creates pull requests to keep project dependencies current. Covers both security patches and general version bumps by checking manifest files against latest releases and opening PRs for review.
Part of GitHub's code security suite and native to every repository. Stands out by being built-in and free for all GitHub repositories, with no separate service to configure, unlike third-party tools such as Renovate. Supports both version updates and security updates with configurable schedules and grouping.
Key capabilities:
Development teams rely on it to keep production apps current with security patches without manual checking. Open source maintainers use it to surface outdated transitive dependencies and batch updates on a weekly or monthly schedule. CI/CD pipelines benefit from automated GitHub Actions workflow updates.