Automated dependency updates

Dependabot creates pull requests to keep your Ruby, Python, JavaScript, PHP, Elixir and Java dependencies up-to-date.

Sign up Learn how it works

Over 45,000 pull requests merged, and counting!

How it works


Dependabot checks for updates

Every day, Dependabot pulls down your dependency files and looks for any outdated requirements.


Dependabot opens pull requests

If any of your dependencies are out-of-date, Dependabot opens individual pull requests to bump each one.


You review and merge

You check your tests pass, scan the included changelog and release notes, then hit merge with confidence.

Screenshot of a Dependabot pull request


Simple, drip-feed getting started flow

We'll update five of your dependencies each day, until you're on the cutting edge. Request more PRs if you want, or close them to ignore a dependency until the next release.

Daily, weekly, or monthly update options

Choose to receive update PRs daily, weekly or monthly. Think of it like brushing your teeth regularly rather than occasionally making painful trips to the dentist.

Great pull requests that stay up-to-date

Dependabot PRs include release notes, changelogs and commit links whenever they're available. They'll also automatically keep themselves conflict-free.

Compatibility scores for each update

Dependabot aggregates everyone's test results into a compatibility score, so you can be certain a dependency update is backwards compatible and bug-free.

Automatic merge options

Dependabot can be configured to automatically merge PRs if your tests pass on them, based on the size of the change (patch/minor/major) and the dependency type.

Five star customer support

We can always be reached on [email protected], or you can just mention @dependabot in a pull request comment to tag in a human.

Trusted by

... plus 700 more, who have merged over 45,000 Dependabot pull requests.


Open Source / Personal Account

Public repos and personal account repos are free

$0 per month

Small Organization

Up to 5 private projects on an organization account

$15 per month

Free trial for 14 days!


Unlimited private projects on an organization account

$50 per month

Free trial for 14 days!

Get started

Dependabot is a GitHub integration, so you can try it on a single repository.
Set up takes less than a minute.

Sign up