Improvement

February 3, 2026

Dependabot now supports OIDC authentication

Dependabot can now use OpenID Connect (OIDC) to authenticate with private registries, eliminating the need to store long-lived credentials as repository secrets.

What’s new

With OIDC-based authentication, Dependabot update jobs can dynamically obtain short-lived credentials from your cloud identity provider, just like GitHub Actions workflows using OIDC federation.

Supported registries

  • AWS CodeArtifact
  • Azure DevOps Artifacts
  • JFrog Artifactory

Benefits

  • Enhanced security: Eliminates static, long-lived credentials from your repositories. Short-lived, dynamically generated tokens reduce operational overhead and attack surface.
  • Simpler management: Enables secure, policy-compliant access to private registries.
  • Avoid rate limiting: Dynamic credentials help you avoid hitting rate limits associated with static tokens.

Getting started

To enable OIDC authentication for your private registry, update your dependabot.yml configuration to use the new OIDC authentication type for supported registries. See our documentation on private registry configuration for setup instructions and examples.
