dependabot / feedback

The old feedback repository for Dependabot. Click below for the new repository.

Home Page: https://github.com/dependabot/dependabot-core

License clarification between core and script

chriske opened this issue

Currently it's not clear how we can use dependabot-script for a self-hosted version in a commercial environment (in GitLab). The license in the script repo is MIT, that is clear. But it uses dependabot-core as a Docker image. Dependabot-core is not free of charge for commercial use, based on the license in the core repo. And the webpage of Dependabot tells me that the service is free of charge. (I think the GitHub-linked service is free, but that's not clear either.)

What should I do if I want to use dependabot-script in my company for commercial purposes?

Please clarify this in the readme files. (and if you answer me here I would be grateful :) )

Btw your application is great! Thank you for the hard work!

Thanks in advance!

commented

Hey @chriske, the license on this repo is intended to allow anyone to self-host a dependency-updating bot that runs on their own repos. It does disallow running a Dependabot-like service on other people's repos.

The Dependabot service offered via dependabot.com and integrated natively in GitHub is free of charge indeed.

Thanks for clarifying, @jurre!

I think the confusion is coming from the word "commercial". The essence of our license is described in the dependabot-core README here. You're welcome to use dependabot-core and dependabot-script internally within a company (which engages in commerce) to keep your dependencies up to date, but you're not allowed to use any part of Dependabot's code as part of your own commercial offering - for instance, you wouldn't be allowed to build a competitor to Dependabot using Dependabot.

Thank you guys for the help!

@hmarr you're right, the commercial word confused me.

Thanks again for the support and for your time!