Dependabot's repositories
dependabot-core
🤖 Dependabot's core logic for creating update PRs.
dependabot-script
A simple script that demonstrates how to use Dependabot Core
fetch-metadata
Extract information about the dependencies being updated by a Dependabot-generated PR.
elixir-security-advisories
Old database of Elixir security advisories before the GitHub Security Advisory DB supported Hex / Elixir.
smoke-tests
A collection of manifest files for various package managers and is used to perform end-to-end tests for Dependabot.
dependabot-actions-workflow
Old example workflow for updating Dependabot pull requests. No longer relevant, see Readme for details.
gem-vulnerability-analysis
Jupyter notebook for a blog post on gem vulnerabilities and version updates.
gomodules-extracted
This code was originally used in dependabot-core, but has since been removed. See Readme for details.
dummy-packages
Dummy packages for testing Dependabot
php-dummy-pkg-a
A dummy PHP package for testing Dependabot.
prometheus-aggregator-ruby
A Ruby client for https://github.com/peterbourgon/prometheus-aggregator
php-dummy-pkg-b
A dummy PHP package for testing Dependabot.
updater-action
Runs Dependabot Updates via GitHub Actions. This fork exists because the Action used to live in the Dependabot org prior to GA. So beta customers may still depend on its original location.
goproxy
An HTTP proxy library for Go. Dependabot uses this in our internal credential proxy: https://github.com/dependabot/dependabot-core/?tab=readme-ov-file#private-registry-credential-management We maintain a fork in case the original goes down or if we need to run additional patches on top.