Working with Dependabot

You manage pull requests raised by Dependabot in much the same way as other pull requests, but there are some extra options.

Running Dependabot on GitHub Actions allows for better performance, and increased visibility and control of Dependabot jobs.

You can configure GitHub Actions self-hosted runners that Dependabot uses to access your private registries and internal network resources.

Examples of how you can use GitHub Actions to automate common Dependabot related tasks.

You can use Dependabot to keep the actions you use updated to the latest versions.

You can configure Dependabot to access dependencies stored in private registries. You can store authentication information, like passwords and access tokens, as encrypted secrets and then reference these in the Dependabot configuration file. If you have registries on private networks, you can also configure Dependabot access when running Dependabot on self-hosted runners.

This article contains detailed information about configuring private registries, as well as commands you can run from the command line to configure your package managers locally.

Examples of how you can configure Dependabot to only access private registries by removing calls to public registries.

To support debugging of Dependabot pull requests, GitHub provides logs of all Dependabot jobs.

If the dependency information reported by GitHub is not what you expected, there are a number of points to consider, and various things you can check.

Sometimes Dependabot is unable to raise a pull request to update your dependencies. You can review the error and unblock Dependabot.