Skip to main content

This version of GitHub Enterprise Server was discontinued on 2024-01-04. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Working with Dependabot

Guidance and recommendations for working with Dependabot, such as managing pull requests raised by Dependabot, using GitHub Actions with Dependabot, and troubleshooting Dependabot errors.

Managing pull requests for dependency updates

You manage pull requests raised by Dependabot in much the same way as other pull requests, but there are some extra options.

Automating Dependabot with GitHub Actions

Examples of how you can use GitHub Actions to automate common Dependabot related tasks.

Keeping your actions up to date with Dependabot

You can use Dependabot to keep the actions you use updated to the latest versions.

Configuring access to private registries for Dependabot

You can configure Dependabot to access dependencies stored in private registries. You can store authentication information, like passwords and access tokens, as encrypted secrets and then reference these in the Dependabot configuration file.

Guidance for the configuration of private registries for Dependabot

This article contains detailed information about configuring private registries, as well as commands you can run from the command line to configure your package managers locally.

Troubleshooting the detection of vulnerable dependencies

If the dependency information reported by GitHub Enterprise Server is not what you expected, there are a number of points to consider, and various things you can check.

Troubleshooting Dependabot errors

Sometimes Dependabot is unable to raise a pull request to update your dependencies. You can review the error and unblock Dependabot.