Terms of Service

Subject matter

The subject matter of this Agreement is the use of Dependabot. This Agreement regulates all relations between Dependabot and the customer regarding the use of Dependabot.

Dependabot communicates with the GitHub hosting service, which is offered by GitHub Inc., on the customer’s behalf. A condition of the proper use of Dependabot is a valid contract with GitHub Inc. on the use of GitHub, which may lead to costs that are the customer’s sole responsibility. The customer will automatically provide Dependabot with his GitHub account information (hereinafter “GitHub Sign-In”) when signing in through GitHub via dependabot.com (hereinafter the “Website”). He allows Dependabot to access the customer’s GitHub account. Dependabot will directly communicate in the name of the customer and in its own name with GitHub, and the customer authorizes Dependabot to act on his behalf towards GitHub Inc. The customer is solely liable for any costs or damages that GitHub Inc. associates with the GitHub Sign-In.

Service specification

Dependabot provides an online, automated dependency management service. It is integrated with GitHub and offers support for several programming languages.

To perform its automated dependency management service, Dependabot will access the customer's GitHub account on the customer's behalf. Dependabot will download the files required to check and update the dependencies on a GitHub repository specified by the customer, and will create new commits containing the updated files. Dependabot will never store details of the customer's code, except as required to make the aforementioned updates, and new commits will only ever be pushed to branches namespaced for use by Dependabot. As such, Dependabot will never make updates directly to your master or default branches.

No consultancy, training, troubleshooting or support is within the scope of the services offered by Dependabot under this Agreement.

Concluding of the Agreement

Using Dependabot requires the opening of an Account at https://dependabot.com by using the customer’s GitHub Sign-In. Dependabot will conclude Agreements on the use of Dependabot only with GitHub users.

The opening of an Account by the customer is deemed an offer to conclude this agreement. Dependabot may at its own discretion accept this offer by explicitly accepting it or rendering services under this agreement.

An Account may only be used by one single person. The customer is entitled to create separate Accounts for his employees.

The person opening the account represents that he/she has the legal authority to bind the legal entity he/she acts for to this Agreement and may, in knowledge of this agreement, provide the GitHub Sign-Ins to Dependabot.

In connection with the registration the customer is obliged to

  • keep Account Data confidential at all times and to do everything to avoid any third party getting hold of the data. In this respect ‘third party’ also includes all employees of the customer that are not designated to use Dependabot;
  • immediately inform Dependabot in case of loss, theft or other disclosure of the Account Data to a third party or in case of a suspicion of misuse of the Account Data and to immediately change the password;
  • allow the use of the Account Data only by designated administrators to be specified in the registration procedure.

Obligations of the customer

If you choose a paid plan, you agree to pay us fees. Details of those fees are set out in the pricing section at https://dependabot.com. Our fees will be collected automatically as part of your payments to GitHub for their marketplace services.

You must not interfere or intend to interfere in any manner with the functionality or proper working of Dependabot.

You will indemnify and hold harmless Dependabot, its officers and directors, employees and agents from any and all third party claims, damages and costs (including reasonable attorneys' fees) arising out of your use of Dependabot in a manner not authorized by this Agreement, and/or applicable law.


Dependabot undertakes that the service will be performed substantially in accordance with the service specification and with reasonable skill and care. In the event that the services do not conform with such warranty, Dependabot will use all reasonable commercial endeavours to correct such non-performance or provide the customer with an alternative means of accomplishing the desired performance.

Defects in the supplied Software shall be remediated within a reasonable time following a detailed notification of such defect being given to Dependabot by the customer.

Dependabot warrants that the software is free from viruses and defects, and does not contain any malicious code. Dependabot further warrants that the customer's use of the service/software will not infringe the intellectual property rights of a third party.

Dependabot warrants that it will comply with all applicable laws, statutes, regulations and codes from time to time in force.

Downtime and services suspensions

Adjustments, changes and updates of Dependabot that help to avoid or maintain dysfunctions of the software may lead to temporary service suspensions. Dependabot will try to limit downtime of the service or restrictions of accessibility to 10 hours a month.

The customer is aware that the service relies on a working internet infrastructure. Additional downtime of the service can occur, if the website is not available and at any other time with restrictive access to the internet.

The customer is aware that Dependabot does not work if GitHub is not properly available (be it to Dependabot or the customer).

Rights to use

The customer is granted a limited, non-exclusive, non-transferable, non-sublicenseable right to use Dependabot as software as a service via the internet.

The customer is not granted any additional right to the Software or any other intellectual property of Dependabot. This especially means that the customer shall not be entitled to make copies of the Software. The customer shall not translate the program code into other forms of code (decompilation) or employ other methods aimed at revealing the Software’s code in the various stages of its development (reverse engineering).

The customer is not entitled to remove or make alterations to copyright notices, serial numbers or other features which serve to identify the Software.

Limitation of liability

To the maximum extent permitted by applicable law, Dependabot and its officers, employees and agents will not be liable for any indirect, incidental, special, consequential or punitive damages including, without limitation, loss of profits, data, use, good will or other intangible losses resulting from your access to and use of (or inability to access and use) the service.

In no event shall Dependabot's total liability to you for any damages resulting from any claim or series of related claims exceed the amount paid by you for the service within the 12 months preceding any claim or series of claims.

Likewise, in no event shall your total liability to Dependabot for any damages exceed the amount paid by you for the service within the 12 months preceding any claim or series of claims.

Dependabot will indemnify, defend and hold harmless the customer, its affiliates and its and their officers, directors, employees, agents and subcontractors (“Indemnitees”) against all claims, demands, suits, liabilities, costs, expenses (including reasonable legal fees), damages and losses suffered or incurred by the Indemnitees arising out of or in connection with Dependabot’s negligent performance or non-performance of this agreement, or any actual or alleged infringement of a third party’s intellectual property rights arising out of the customer’s use of the service supplied by Dependabot or the Software.


Each party undertakes that it will not at any time hereafter use, divulge or communicate to any person, except to its professional representatives or advisers or as may be required by law or any legal or regulatory authority, any confidential information concerning the business or affairs of the other party which may have or may in future come to its knowledge and each of the parties shall use its reasonable endeavours to prevent the publication or disclosure of any confidential information concerning such matters.

Data protection

Dependabot stores Account Data, GitHub Sign-Ins and user information about the customer. This data may be shared with third parties if those are assigned by Dependabot to handle internal processes.

Dependabot uses web tracking to store and analyze the customer’s interactions with the Website. The customer agrees to this form of monitoring, tracking and storage. Dependabot may also store monitoring and statistical data about the customer’s usage of Dependabot and GitHub and information about the dependencies updated. These data may be published by Dependabot in anonymized form.

Dependabot may inform the public about the customer using Dependabot and Dependabot’s services including a rough description of the usage for marketing and public relation purposes. The customer agrees to appear in Dependabot's reference lists including any name, trademark or logo of the customer. This includes, but is not limited to, descriptions on the Website, any other Dependabot websites, presentations, presentation material, and press announcements. The customer may opt out of being included in any/all such promotional material by contacting Dependabot at any time.

Term and Termination

The Agreement runs for an indefinite time and will remain in effect until terminated by one of the Parties in accordance with this section.

The Parties may terminate this Agreement for any or no reason at their convenience at any time. Termination may be issued in writing or by using the provided account closing mechanism, if provided by Dependabot.

No notice period is required for either party to terminate this Agreement.


Our relationship with you is governed by English law and the English courts shall have exclusive jurisdiction over any disputes relating or connected to it.

Resolving disputes

Should you have any concerns or complaints about the service we provide, please contact us in the first instance using any of the methods set out on the Dependabot website. We will work with you in order to understand your issue and work towards a swift resolution.


Any notice or other communication required to be given to a party under or in connection with this contract shall be sent by e-mail to the email-address registered by you with GitHub, or to any updated email-address you provide.

Notices to Dependabot must be directed to support@dependabot.com.

Final provisions

This agreement, together with any documents referred to in it, or expressed to be entered into in connection with it, constitutes the whole agreement between the Parties concerning the subject matter of this Agreement.

The customer may set off only legally binding and recognized claims. The rights and obligations arising from this Agreement are generally not transferable. However, Dependabot may transfer this Agreement with all rights and obligations to a company of its choice.

If any provision of this agreement is or later becomes invalid, or contains omissions, the validity of the other provisions shall remain unaffected. The parties shall agree upon a new provision, which shall resemble the invalid provision as closely as possible in purpose and meaning considering the interests of the parties and the legal regulations, to replace the invalid provision. In the event of an omission in the agreement, a provision shall be agreed upon which shall correspond with that which would have been agreed, pursuant to the purpose and meaning of the agreement, if the matter had been considered by the parties when the agreement was formed.

These General Terms and Conditions may be modified by Dependabot at any time.