Skip to content

supported-ecosystems-and-repositories.md

Latest commit

 

History

History
49 lines (37 loc) · 3 KB

supported-ecosystems-and-repositories.md

File metadata and controls

49 lines (37 loc) · 3 KB
title Dependabot supported ecosystems and repositories
shortTitle Dependabot ecosystems
intro {% data variables.product.prodname_dependabot %} supports a variety of ecosystems and repositories
allowTitleToDifferFromFilename true
topics
Dependabot
Dependencies
Alerts
Vulnerabilities
Repositories
versions
fpt ghec ghes
*
*
*
redirect_from
/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories
contentType reference

About {% data variables.product.prodname_dependabot %}

{% data variables.product.prodname_dependabot %} helps you stay on top of your dependency ecosystems. With {% data variables.product.prodname_dependabot %}, you can keep the dependencies you rely on up-to-date, addressing any potential security issues in your supply chain.

{% data reusables.dependabot.dependabot-overview %}

For more information about {% data variables.product.prodname_dependabot %}, see AUTOTITLE.

In this article, you can see what the supported ecosystems and repositories are.

Supported ecosystems and repositories

You can configure updates for repositories that contain a dependency manifest or lock file for one of the supported package managers. For some package managers, you can also configure vendoring for dependencies. For more information, see vendor. {% data variables.product.prodname_dependabot %} also supports dependencies in private registries. For more information, see AUTOTITLE. {% ifversion ghes %}

Note

To ensure that {% data variables.product.prodname_ghe_server %} supports {% data variables.product.prodname_dependabot_updates %} for the latest supported ecosystem versions, your enterprise owner must download the most recent version of the {% data variables.product.prodname_dependabot %} action. {% data reusables.actions.action-bundled-actions %}

{% endif %}

Note

  • {% data reusables.dependabot.private-dependencies-note %}
  • {% data variables.product.prodname_dependabot %} doesn't support private {% data variables.product.prodname_dotcom %} dependencies for all package managers. See the details in the table below.

If your repository already uses an integration for dependency management, you will need to disable this before enabling {% data variables.product.prodname_dependabot %}. {% ifversion fpt or ghec %}For more information, see AUTOTITLE.{% endif %}

{% data reusables.dependabot.supported-package-managers %}