Automic VaultAutomic Vault

brew

Install dependabot with Homebrew

Tool for testing and debugging Dependabot update jobs. Version 1.91.0 via Homebrew; verified 2026-06-29.

install

Additional install commands

macOS

Homebrewverified ยท 100%
brew install dependabot

local Homebrew formula metadata

overview

Package summary

Tool for testing and debugging Dependabot update jobs

Commands and aliases

  • dependabot

history

Project history and usage

Dependabot CLI is the command-line companion for running Dependabot update jobs outside the hosted GitHub workflow. It is aimed less at end users casually enabling dependency updates and more at maintainers, security engineers, and package ecosystem developers who need to reproduce, debug, or smoke-test the exact update jobs that Dependabot runs.

Project history

The CLI repository was created under the official Dependabot GitHub organization in 2022. Its README describes a Go command that runs Dependabot jobs, pulls the updater and proxy container images, and records the pull-request operations that a hosted Dependabot run would normally perform.

The tool is closely tied to Dependabot's broader configuration model: the same package ecosystem names, repository paths, registry credentials, and update-job concepts show up in both CLI job files and GitHub's official dependabot.yml documentation.

Adoption history

Adoption is mainly among people who already operate Dependabot at scale. The README points users to Go installation, GitHub releases, and Homebrew, which made the tool easy to reach from developer laptops and CI debugging sessions without building Dependabot internals by hand.

How it is used

Typical usage is to run `dependabot update` for a package ecosystem and repository, or to pass a YAML job description for security-update and private-registry cases. The CLI can pass tokens from environment variables into the proxy so that the updater can access GitHub APIs and package registries without directly receiving secrets.

Why package nerds care

For package nerds, Dependabot CLI is interesting because it exposes the machinery behind automated dependency PRs: ecosystem identifiers, manifest directory selection, registry credentials, update strategies, and the split between updater containers and a credential-injecting proxy.

Timeline

  • 2022: Official dependabot/cli repository created.
  • 2022: README examples documented `dependabot update` and smoke-test workflows.
  • 2026: GitHub Docs continue to document dependabot.yml as the primary configuration surface for Dependabot.

Related projects

  • Dependabot CLI depends conceptually on dependabot-core for package ecosystem behavior and on GitHub's dependabot.yml configuration model for hosted repository updates.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for dependabot. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.github/dependabot.yml

executables

Installed executables

CommandKindExposureNote
dependabotcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.91.0
manager updated2026-06-29
local dataok
upstreamcurrent
latest detectedv1.91.0

https://github.com/dependabot/cli

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:dependabot
Version1.91.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/dependabot
Homepagehttps://github.com/dependabot/cli
Repositoryhttps://github.com/dependabot/cli
Upstream docshttps://github.com/dependabot/cli#readme
LicenseMIT
Source archivehttps://github.com/dependabot/cli/archive/refs/tags/v1.91.0.tar.gz
Last updated2026-06-29T20:51:51Z
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namedependabot
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment