Skip to content



Dependabot helps you keep your dependencies up to date. It works with most popular languages - you can see full details of the languages we support here.

Every day, Dependabot checks your dependency files for outdated or insecure requirements and opens individual pull requests for any it finds. You review the PRs, merge them, and get to work on the latest, most secure releases.

Great PRs that stay up-to-date

Dependabot pull requests include release notes, changelogs and commit links whenever they're available. They'll also automatically keep themselves conflict-free.

Compatibility scores for each update

Dependabot aggregates everyone's test results into a compatibility score, so you can be certain a dependency update is backwards compatible and bug-free.

Security advisories handled automatically

Dependabot monitors security advisories for Ruby, JavaScript, PHP, Java, .NET, Python, Elixir and Rust. We create PRs immediately in response to new advisories.

Simple getting started flow

We'll update five of your dependencies each day, until you're on the cutting edge. Request more PRs if you want, or close them to ignore a dependency until the next release.

Automatic merge options

Dependabot can be configured to automatically merge PRs if your tests pass on them, based on the size of the change (patch/minor/major) and the dependency type.

Helpful PRs with release notes, changelogs, and Dependabot compatibility scores
Support for multiple languages and flexible update schedules

Pricing and setup

Dependabot logo preview


Daily dependency updates for up to 25 private repos

For organization accounts only

  • Unlimited public repos
  • 25 private repos
$50 $25 $50 / month
$600 $300 $600 / year

Next: Confirm your installation location and payment information.

Dependabot is provided by a third-party and is governed by separate terms, privacy policy, and support contact.

You can’t perform that action at this time.