Terms of Service

Subject matter

These Terms of Service (the “Terms”) govern the customer’s use of Dependabot.

Dependabot communicates with the GitHub hosting service ("GitHub", which is offered by GitHub Inc.) on the customer’s behalf. The customer must have a valid GitHub account and must have agreed to GitHub’s terms of service. Any costs associated with opening or maintaining the customer’s GitHub account are the customer’s sole responsibility. The customer will provide Dependabot with its GitHub account information (the “GitHub Sign-In”) when signing into GitHub via dependabot.com (the “Website”). The customer consents to Dependabot accessing the customer’s GitHub account. Dependabot will directly communicate in the name of the customer and in its own name with GitHub, and the customer authorizes Dependabot to act on its behalf towards GitHub Inc. The customer is solely liable for any costs or damages that GitHub Inc. associates with the GitHub Sign-In.

Service specification

Dependabot provides an online, automated dependency management service ("Service"). It is integrated with GitHub and offers support for several programming languages.

To provide the Service, Dependabot will access the customer's GitHub account on the customer's behalf. Dependabot will download the files required to check and update the dependencies on a GitHub repository specified by the customer, and will create new commits containing the updated files. Dependabot will never store details of the customer's code, except as required to make the aforementioned updates.

No consultancy, training, trouble shooting or support is within the scope of the services offered by Dependabot under these Terms.

Your Account

Using Dependabot requires the opening of an Account at https://dependabot.com by using the customer’s GitHub Sign-In. Dependabot may only be used by GitHub users.

By opening an Account with Dependabot, the customer is deemed to accept these Terms.

An Account may only be used by one single person. The customer is entitled to create separate Accounts for its employees.

The person opening the account represents that he/she has the legal authority to bind the legal entity he/she acts for and provide the GitHub Sign-Ins to Dependabot.

In connection with the Account registration the customer is obliged to:

  • keep Account data confidential at all times and to do everything to avoid any third party getting hold of the data. In this respect "third party" also includes all employees of the customer that are not designated to use Dependabot;
  • immediately inform Dependabot in case of loss, theft or other disclosure of the Account data to a third party or when misuse of the Account data is suspected, and to immediately change the password;
  • allow the Account data to be used only by designated administrators that are specified in the registration procedure.

Obligations of the customer

If the customer chooses a paid plan, the customer agrees to pay Dependabot the fees set out in the pricing section at https://dependabot.com from time to time. Dependabot’s fees will be collected automatically as part of the customer’s payments to GitHub for GitHub’s marketplace services.

The customer must not interfere or intend to interfere in any manner with the functionality or proper working of Dependabot.

The customer will indemnify and hold harmless Dependabot, its officers and directors, employees and agents from any and all third party claims, damages, and costs (including reasonable attorney fees) arising out of the customer’s use of Dependabot in a manner not authorized by these Terms or in a manner that violate applicable law.

Obligations of Dependabot

Dependabot will use reasonable commercial endeavours to ensure that the Service is performed substantially in accordance with the Service specification and in a timely and professional manner.

Dependabot will use reasonable commercial endeavours to ensure that any defects in the Service shall be remediated within a reasonable time following a detailed notification of such defect being given to Dependabot by the customer.

Intellectual Property

As part of providing the Service, Dependabot generates software code contributions to the customer's repositories. For the avoidance of doubt, Dependabot grants to each customer a non-exclusive, worldwide right or license to perform, display, and use the contributions and any content contained in, accessed by or transmitted through Dependabot to customer's repositories.


Dependabot warrants that, insofar as it is aware, the customer's use of the Service and software therein in accordance with these Terms will not infringe the intellectual property rights of any third party.

The customer warrants that: (i) it will comply at all times with these Terms; (ii) it will not use the Service for any purpose that could, in Dependabot’s reasonable opinion, be considered obscene, blasphemous, defamatory, promote or incite terrorism or hatred based on religion, race or disability, or is illegal pursuant to all applicable laws and regulations (including copyright laws); and (iii) it will not introduce to the Service any virus, worm, Trojan horse, adware, spyware or any other form of malicious content, code or software or anything which may otherwise compromise Dependabot’s Service, properties or assets.

Downtime and services suspensions

Adjustments, changes and updates of Dependabot that help to avoid or maintain dysfunctions of the Service may lead to temporary Service suspensions. Dependabot will try to limit downtime of the Service or restrictions of accessibility to 10 hours a month.

The customer is aware that the Service relies on a working internet infrastructure. Additional downtime of the Service can occur, if the website is not available and at any other time with restrictive access to the internet.

The customer is aware that Dependabot does not work if GitHub is not properly available (be it to Dependabot or the customer).

Rights to use

Subject to and conditional upon the customer’s compliance with these Terms, the customer is granted a limited, non-exclusive, non-transferable, non-sublicenseable right to use Dependabot as software as a service via the internet.

The customer is not granted any additional right to the Service or any other intellectual property of Dependabot. The customer shall not be entitled to make copies of the Service or any software therein. The customer shall not translate the program code into other forms of code (decompilation) or employ other methods aimed at revealing the code embedded in the software of the Service in the various stages of its development (reverse engineering).

The customer is not entitled to remove or make alterations to copyright notices, serial numbers or other features which serve to identify the Service.

Limitation of liability

To the maximum extent permitted by applicable law, Dependabot and its officers, employees and agents will not be liable for any indirect, incidental, special, consequential or punitive damages including, without limitation, loss of profits, data, use, good will or other intangible losses resulting from your access to and use of (or inability to access and use) the Service.

In no event shall Dependabot's total liability to you for any damages resulting from any claim or series of related claims exceed the amount paid by you for the Service within the 12 months preceding such claim or series of claims.


Each of Dependabot and the customer undertakes that it will not at any time hereafter use, divulge or communicate to any person, except to its professional representatives or advisers or as may be required by law or any legal or regulatory authority, any confidential information concerning the business or affairs of the other party which may have or may in future come to its knowledge and each of Dependabot and the customer shall use its reasonable endeavours to prevent the publication or disclosure of any confidential information concerning such matters.

Data protection

Dependabot will process personal data in accordance with its Privacy Policy, available at https://dependabot.com/privacy/.

Term and Termination

These Terms will remain in effect until terminated by Dependabot or the customer in accordance with this paragraph.

Dependabot or the customer may terminate these Terms for any or no reason at their convenience at any time. Termination may be issued in writing or by using the provided account closing mechanism, if provided by Dependabot. By terminating these Terms, the customer waives its right to further use of the Service and acknowledges that Dependabot will not be liable to refund any sums paid by the customer in respect of the remaining duration of the customer’s then-current subscription period.

No notice period is required for Dependabot or the customer to terminate these Terms. The Warranty, Limitation of Liability, Confidentiality, Governing Law and Jurisdiction, and Resolving Disputes paragraphs will survive termination.

Governing Law and Jurisdiction

Dependabot’s relationship with the customer is governed by English law and the English courts shall have exclusive jurisdiction over any disputes relating or connected to it.

Resolving disputes

Should the customer have any concerns or complaints about the Service Dependabot provides, the customer should contact Dependabot in the first instance using any of the methods set out on the Dependabot website. Dependabot will work with the customer in order to understand the issue and work towards a swift resolution.


Any notice or other communication required to be given to Dependabot or the customer under or in connection with these Terms shall be sent by e-mail to the email-address registered by the customer with GitHub, or to any updated email-address the customer provides from time to time.

Notices to Dependabot must be directed to GitHub using the support form.

Final provisions

These Terms, together with any documents referred to in them, or expressed to be entered into in connection with them, constitute the whole agreement between Dependabot or the customer concerning their subject matter.

The customer may set off only legally binding and recognized claims. The rights and obligations arising from these Terms are generally not transferable. However, Dependabot may transfer these Terms with all rights and obligations to a company of its choice.

If any provision of these Terms is or later becomes invalid, or contains omissions, the validity of the other provisions shall remain unaffected. Dependabot and the customer shall agree upon a new provision, which shall resemble the invalid provision as closely as possible in purpose and meaning considering the interests of Dependabot or the customer and the legal regulations, to replace the invalid provision. In the event of an omission in these Terms, a provision shall be agreed upon which shall correspond with that which would have been agreed, pursuant to the purpose and meaning of these Terms, if the matter had been considered by Dependabot and the customer when these Terms was formed.

These Terms may occasionally be modified by Dependabot at any time.