
dependabot · listed

Comprehensive guide for configuring and managing GitHub Dependabot. Use this skill when users ask about creating or optimizing dependabot.yml files, managing Dependabot pull requests, configuring dependency update strategies, setting up grouped updates, monorepo patterns, multi-ecosystem groups, security update configuration, auto-triage rules, or any GitHub Advanced Security (GHAS) supply chain security topic related to Dependabot.
beel-collab/presets · ★ 4 · AI & Automation · score 62
Install: claude install-skill beel-collab/presets
# Dependabot Configuration & Management

## Overview

Dependabot is GitHub's built-in dependency management tool with three core capabilities:

1. **Dependabot Alerts** — Notify when dependencies have known vulnerabilities (CVEs)
2. **Dependabot Security Updates** — Auto-create PRs to fix vulnerable dependencies
3. **Dependabot Version Updates** — Auto-create PRs to keep dependencies current

All configuration lives in a **single file**: `.github/dependabot.yml` on the default branch. GitHub does **not** support multiple `dependabot.yml` files per repository.

## Configuration Workflow

Follow this process when creating or optimizing a `dependabot.yml`:

### Step 1: Detect All Ecosystems

Scan the repository for dependency manifests. Look for:

| Ecosystem | YAML Value | Manifest Files |
|---|---|---|
| npm/pnpm/yarn | `npm` | `package.json`, `package-lock.json`, `pnpm-lock.yaml`, `yarn.lock` |
| pip/pipenv/poetry/uv | `pip` | `requirements.txt`, `Pipfile`, `pyproject.toml`, `setup.py` |
| Docker | `docker` | `Dockerfile` |
| Docker Compose | `docker-compose` | `docker-compose.yml` |
| GitHub Actions | `github-actions` | `.github/workflows/*.yml` |
| Go modules | `gomod` | `go.mod` |
| Bundler (Ruby) | `bundler` | `Gemfile` |
| Cargo (Rust) | `cargo` | `Cargo.toml` |
| Composer (PHP) | `composer` | `composer.json` |
| NuGet (.NET) | `nuget` | `*.csproj`, `packages.config` |
| .NET SDK | `dotnet-sdk` | `global.json` |
| Maven (Java) | `maven` | `pom.xml` |
| Gradle (Java) | `g
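
The Step 1 scan, as an added example that is not part of the skill or of GitHub's tooling: it walks a checkout and reports each (ecosystem, directory) pair, using only the complete rows of the manifest table. `SKIP_DIRS`, the function names and the sample tree are assumptions made for illustration.

```python
import fnmatch
import os
import tempfile

# Filename pattern -> YAML value, from the complete rows of the Step 1 table
# (the truncated Gradle row is left out).
MANIFESTS = {
    "package.json": "npm", "package-lock.json": "npm", "pnpm-lock.yaml": "npm",
    "yarn.lock": "npm", "requirements.txt": "pip", "Pipfile": "pip",
    "pyproject.toml": "pip", "setup.py": "pip", "Dockerfile": "docker",
    "docker-compose.yml": "docker-compose", "go.mod": "gomod",
    "Gemfile": "bundler", "Cargo.toml": "cargo", "composer.json": "composer",
    "*.csproj": "nuget", "packages.config": "nuget",
    "global.json": "dotnet-sdk", "pom.xml": "maven",
}
# Assumption: installed or vendored trees are not first-party manifests.
SKIP_DIRS = {".git", "node_modules", "vendor", ".venv"}


def detect_ecosystems(repo_root):
    """Return sorted (ecosystem, directory) pairs found under repo_root."""
    found = set()
    for dirpath, dirnames, filenames in os.walk(repo_root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune walk
        rel = os.path.relpath(dirpath, repo_root).replace(os.sep, "/")
        if rel == ".github/workflows":
            # Workflow files are reported once, against the repository root.
            if fnmatch.filter(filenames, "*.yml"):
                found.add(("github-actions", "/"))
            continue
        directory = "/" if rel == "." else "/" + rel
        for name in filenames:
            for pattern, ecosystem in MANIFESTS.items():
                if fnmatch.fnmatchcase(name, pattern):
                    found.add((ecosystem, directory))
    return sorted(found)


def scan_constructed_repo():
    """Build a constructed sample tree in a temp dir and scan it."""
    paths = ["package.json", "yarn.lock", "services/api/requirements.txt",
             "services/api/Dockerfile", ".github/workflows/ci.yml",
             "src/App/App.csproj", "node_modules/left-pad/package.json"]
    with tempfile.TemporaryDirectory() as root:
        for p in paths:
            full = os.path.join(root, *p.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return detect_ecosystems(root)
```

Each returned pair corresponds to one place in the repository where dependencies are declared; the copy under `node_modules` is pruned and never reported.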