D
Dependabot (GitHub)
43
Stack Score
Editorial pick✓ Verified working
Dependabot (GitHub)
Automated dependency updates.
Best for
Best for any engineering team on GitHub — should be turned on as default.
At a glance
- Pricing
- free
- Setup time
- 10 minutes
- Learning curve
- easy
- Last verified
- 5/25/2026
What we love
- ✓Free with GitHub
- ✓Zero-config for most repos
- ✓Massive language coverage
Where it falls short
- −Can flood PRs without rule tuning
- −Some updates need manual review
- −GitHub-only
Pricing
✓ Pricing verified Jun 21, 20261 tier
Free
$0
forever
- ✓All Dependabot features
Overview
Dependabot (built into GitHub) scans dependencies, opens PRs for security and version updates, and supports custom update rules. Free for public repos, included in GitHub plans for private repos.
Key features
- ●Auto-PR for updates
- ●Security alerts
- ●Version vs security separation
- ●Custom schedule + rules
- ●GitHub-native
Best use cases
Security patch automation
Auto-open PRs the moment a CVE drops in a dependency you use.
Major version upgrades
Schedule grouped version updates so you don't fall years behind.
Integrations
Similar tools
See all security →One AI Stack pick every week.
The tool we’d pay for this week, why we’d pay for it, and what we’d skip. No promo spam.