Dependabot: version updates from private GitHub repositories

Dependabot already updates your public dependencies, such as open source dependencies from a public GitHub repository, npm, Maven Central, or similar. Now, you can also update dependencies from private GitHub repositories. This feature is available for most package managers supported by Dependabot version updates, except bundler, hex, and pip.

To get started, grant Dependabot access to some or all of your private repositories on your organization's security & analysis settings page: https://github.com/organizations/YOUR-ORGANIZATION/settings/security_analysis.

Learn more about Dependabot version updates

Subscribe to our developer newsletter

Discover tips, technical guides, and best practices in our biweekly newsletter just for devs.