Skip to content

supported-ecosystems-and-repositories.md

Latest commit

 

History

History
43 lines (34 loc) · 3.03 KB

supported-ecosystems-and-repositories.md

File metadata and controls

43 lines (34 loc) · 3.03 KB
title Dependabot supported ecosystems and repositories
shortTitle Dependabot ecosystems
intro {% data variables.product.prodname_dependabot %} supports a variety of ecosystems and repositories
allowTitleToDifferFromFilename true
topics
Dependabot
Dependencies
Alerts
Vulnerabilities
Repositories
versions
fpt ghec ghes
*
*
*
redirect_from
/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories
contentType reference

This article provides reference information about the package ecosystems and repository types that {% data variables.product.prodname_dependabot %} supports.

{% data variables.product.prodname_dependabot %} is a {% data variables.product.github %} tool that helps keep your dependencies secure and up to date. It automatically detects vulnerable or outdated dependencies in your repositories and creates pull requests to update them, making it easier to maintain your software supply chain security. For more information, see AUTOTITLE.

Supported ecosystems maintained by {% data variables.product.github %}

You can configure updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see vendor. {% data variables.product.prodname_dependabot %} also supports dependencies in private registries. For more information, see AUTOTITLE. {% ifversion ghes %}

Note

To ensure that {% data variables.product.prodname_ghe_server %} supports {% data variables.product.prodname_dependabot_updates %} for the latest supported ecosystem versions, your enterprise owner must download the most recent version of the {% data variables.product.prodname_dependabot %} action. {% data reusables.actions.action-bundled-actions %}

{% endif %}

Note

  • {% data reusables.dependabot.private-dependencies-note %}
  • {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. See the details in the table below.

If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see AUTOTITLE.{% endif %}

{% data reusables.dependabot.supported-package-managers %}