Dependabot
Definition
Dependabot is GitHub's automated dependency update service that monitors repositories for outdated or vulnerable dependencies and automatically opens pull requests to update them. It supports security updates (patching known CVEs immediately) and version updates (keeping dependencies current).
Dependabot integrates with GitHub Security Advisories and can be configured with merge policies, grouping rules, and update schedules.
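A sample `.github/dependabot.yml` showing the update schedule and grouping rules mentioned above, added here as an illustration and not taken from the original page. The npm and GitHub Actions ecosystems, the timing values, and the group names are assumptions chosen for the example.

```yaml
# .github/dependabot.yml (constructed example)
version: 2
updates:
  # Application dependencies (assumed: an npm project at the repository root)
  - package-ecosystem: "npm"
    directory: "/"
    # Update schedule: version-update PRs are raised once a week
    schedule:
      interval: "weekly"
      day: "monday"
      time: "06:00"
      timezone: "Etc/UTC"
    # Cap concurrent version-update PRs so reviewers are not flooded
    open-pull-requests-limit: 5
    # Grouping rules (group names are hypothetical)
    groups:
      # One PR for all security fixes, so patches for known advisories
      # are reviewed and merged together
      security-fixes:
        applies-to: security-updates
        patterns:
          - "*"
      # One PR for low-risk bumps of development-only packages
      dev-tooling:
        applies-to: version-updates
        dependency-type: "development"
        update-types:
          - "minor"
          - "patch"

  # CI workflow actions are dependencies too; keep them current
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Security updates themselves are switched on in the repository's security settings; this file shapes how the resulting pull requests are scheduled and grouped.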