Dependabot for Docker
Dependabot creates pull requests to keep your Dockerfile up-to-date.
How it works
Dependabot fetches your Dockerfile
Every day, Dependabot pulls down your Dockerfile and identifies the base image it uses.
Dependabot checks the base image is up-to-date
Dependabot checks Docker hub, or your private registry, for updates to your base image.
Dependabot creates a PR if an update is available
If an updated base image exist, Dependabot opens a PR to upgrade your Dockerfile to use it.
Alongside Dependabot's core features, our support for Docker has:
Flexible monorepo support
Using a monorepo? No problem - you can specify one or many directories within a repo for Dependabot to look for Dockerfiles in.
Custom branches and labels
By default, Dependabot will create PRs against your default branch and label them with "dependencies". Want to use a different branch or label? No problem.