macOS
brew install dependabotlocal Homebrew formula metadata
brew
Tool for testing and debugging Dependabot update jobs. Version 1.91.0 via Homebrew; verified 2026-06-29.
install
brew install dependabotlocal Homebrew formula metadata
overview
Tool for testing and debugging Dependabot update jobs
history
Dependabot CLI is the command-line companion for running Dependabot update jobs outside the hosted GitHub workflow. It is aimed less at end users casually enabling dependency updates and more at maintainers, security engineers, and package ecosystem developers who need to reproduce, debug, or smoke-test the exact update jobs that Dependabot runs.
The CLI repository was created under the official Dependabot GitHub organization in 2022. Its README describes a Go command that runs Dependabot jobs, pulls the updater and proxy container images, and records the pull-request operations that a hosted Dependabot run would normally perform.
The tool is closely tied to Dependabot's broader configuration model: the same package ecosystem names, repository paths, registry credentials, and update-job concepts show up in both CLI job files and GitHub's official dependabot.yml documentation.
Adoption is mainly among people who already operate Dependabot at scale. The README points users to Go installation, GitHub releases, and Homebrew, which made the tool easy to reach from developer laptops and CI debugging sessions without building Dependabot internals by hand.
Typical usage is to run `dependabot update` for a package ecosystem and repository, or to pass a YAML job description for security-update and private-registry cases. The CLI can pass tokens from environment variables into the proxy so that the updater can access GitHub APIs and package registries without directly receiving secrets.
For package nerds, Dependabot CLI is interesting because it exposes the machinery behind automated dependency PRs: ecosystem identifiers, manifest directory selection, registry credentials, update strategies, and the split between updater containers and a credential-injecting proxy.
security posture
No matching local secret-handling manifest was found for dependabot. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
.github/dependabot.ymlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
dependabot | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/dependabot/cli
install metadata
| Package key | brew:dependabot |
|---|---|
| Version | 1.91.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/dependabot |
| Homepage | https://github.com/dependabot/cli |
| Repository | https://github.com/dependabot/cli |
| Upstream docs | https://github.com/dependabot/cli#readme |
| License | MIT |
| Source archive | https://github.com/dependabot/cli/archive/refs/tags/v1.91.0.tar.gz |
| Last updated | 2026-06-29T20:51:51Z |
| Pulse | updated |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | dependabot |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.