dependabot
Originally from github/awesome-copilot
Dependabot Configuration & Management
Overview
Dependabot is GitHub's built-in dependency management tool with three core capabilities:
- Dependabot Alerts — Notify when dependencies have known vulnerabilities (CVEs)
- Dependabot Security Updates — Auto-create PRs to fix vulnerable dependencies
- Dependabot Version Updates — Auto-create PRs to keep dependencies current
All configuration lives in a single file: .github/dependabot.yml on the default branch. GitHub does not support multiple dependabot.yml files per repository.
Configuration Workflow
Follow this process when creating or optimizing a dependabot.yml:
Step 1: Detect All Ecosystems
Scan the repository for dependency manifests. Look for: