Working with Dependabot

You manage pull requests raised by Dependabot in much the same way as other pull requests, but there are some extra options.

GitHub automatically runs the jobs that generate Dependabot pull requests on GitHub Actions if you have GitHub Actions enabled for the repository. When Dependabot is enabled, these jobs will run by bypassing Actions policy checks and disablement at the repository or organization level.

Examples of how you can use GitHub Actions to automate common Dependabot related tasks.

You can use Dependabot to keep the actions you use updated to the latest versions.

You can configure Dependabot to access dependencies stored in private registries. You can store authentication information, like passwords and access tokens, as encrypted secrets and then reference these in the Dependabot configuration file. If you have registries on private networks, you can also configure Dependabot access when running Dependabot on self-hosted runners.

This article contains detailed information about configuring private registries, as well as commands you can run from the command line to configure your package managers locally.

Detailed information for all the options you can use to customize how Dependabot maintains your repositories.

You can configure the Actions Runner Controller to run Dependabot on self-hosted runners.

You can configure an Azure Virtual Network (VNET) to run Dependabot on GitHub-hosted runners.