Manage Ruby dependencies with Dependabot

We’re obliged to keep our software current.

To help with this we’re currently trialling a service called Dependabot to perform automated dependency upgrades.

Policies

Add Dependabot to a repo

  1. Give Dependabot access to the repo (only GitHub org owners can do this)
  2. Go to Dependabot admin and click “Add project”

Security

There are 2 safeguards to prevent unauthorised code changes. Firstly, Dependabot can only update the repositories that we explicitly allow on GitHub. This prevents code changes to other repos. Secondly, we’ve set up branch protection for all repos with the govuk label. This prevents Dependabot from writing directly to master.
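One way to check the second safeguard is to audit each labelled repo's branch protection settings for master. The Ruby below is an added example, not code from this page or from Dependabot. It runs over constructed records shaped like GitHub REST API responses, and it assumes the govuk label is stored as a repository topic and that the bot's app slug is `example-dependency-bot` (a hypothetical name).

```ruby
require "json"

# Constructed sample data. Each record mimics a GitHub REST API repository
# object ("name", "topics") plus the body of
# GET /repos/{owner}/{repo}/branches/master/protection (nil stands for a 404).
SAMPLE_REPOS = JSON.parse(<<~JSON)
  [
    {"name": "example-app-a", "topics": ["govuk"],
     "protection": {"required_pull_request_reviews": {"required_approving_review_count": 1},
                    "allow_force_pushes": {"enabled": false}}},
    {"name": "example-app-b", "topics": ["govuk"], "protection": null},
    {"name": "example-app-c", "topics": ["govuk"],
     "protection": {"restrictions": {"users": [], "teams": [],
                                     "apps": [{"slug": "example-dependency-bot"}]}}},
    {"name": "example-tool", "topics": [], "protection": null}
  ]
JSON

# Reasons the bot could still write straight to master; empty means blocked.
def direct_push_risks(protection, bot_slug)
  return ["no branch protection on master"] if protection.nil?

  risks = []
  restrictions = protection["restrictions"]
  # Without push restrictions anyone with write access may push; with them,
  # only the listed users, teams and apps may.
  bot_may_push = restrictions.nil? ||
                 restrictions.fetch("apps", []).any? { |app| app["slug"] == bot_slug }
  pr_required = !protection["required_pull_request_reviews"].nil?
  risks << "bot can push to master without a pull request" if bot_may_push && !pr_required
  risks << "force pushes to master are allowed" if protection.dig("allow_force_pushes", "enabled")
  risks
end

# Audits only repos carrying the label, since that is the set the policy covers.
# bot_slug is a hypothetical app slug chosen for this example.
def audit(repos, label: "govuk", bot_slug: "example-dependency-bot")
  repos.select { |repo| repo.fetch("topics", []).include?(label) }
       .map { |repo| [repo["name"], direct_push_risks(repo["protection"], bot_slug)] }
       .reject { |_name, risks| risks.empty? }
       .to_h
end

audit(SAMPLE_REPOS).each { |name, risks| puts "#{name}: #{risks.join('; ')}" }
```

The check is a simplification: it does not model administrators bypassing protection or required status checks.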

This page was last reviewed . It needs to be reviewed again by the page owner @tijmen.