Dependabot for Docker

Dependabot creates pull requests to keep your Dockerfile up-to-date.

How it works


Dependabot fetches your Dockerfile

Every day, Dependabot pulls down your Dockerfile and identifies the base image it uses.


Dependabot checks the base image is up-to-date

Dependabot checks Docker hub, or your private registry, for updates to your base image.


Dependabot creates a PR if an update is available

If an updated base image exist, Dependabot opens a PR to upgrade your Dockerfile to use it.


Alongside Dependabot's core features, our support for Docker has:

Flexible monorepo support

Using a monorepo? No problem - you can specify one or many directories within a repo for Dependabot to look for Dockerfiles in.

Custom branches and labels

By default, Dependabot will create PRs against your default branch and label them with "dependencies". Want to use a different branch or label? No problem.