Universal dependency update tool that fits into your workflows.
Automated dependency updates. Multi-platform and multi-language.
Renovate was released in 2017 and already is widely used in the developer community, including:
The easiest way to use Renovate if you are hosted on GitHub.com is to install the hosted Renovate app. On Azure DevOps you can install Renovate as an extension from the marketplace.
For Azure DevOps, visit the Visual Studio Marketplace and install the Renovate Me extension in your organization. From there you can create a pipeline with the
RenovateMetask. More details on how to configure the pipeline. Note: This extension is created and maintained personally by a Renovate developer/user so support requests relating to the extension itself cannot be answered directly in the main Renovate repository. Alternatively, you can create a custom pipeline with a
ymldefinition that will trigger
npx renovate. More details on how to configure the pipeline.
For Bitbucket Cloud, Bitbucket Server, Gitea and GitLab, use our self-hosting option.
Visit https://docs.renovatebot.com/ for documentation, and in particular https://docs.renovatebot.com/configuration-options/ for a list of configuration options.
To get help and/or a review for your config, go to the discussions tab in the Renovate repository and open a new "config help" discussion post.
If you are not on github.com or gitlab.com, or you prefer to run your own instance of Renovate then you have several options:
renovateCLI tool from npmjs, run it on a schedule (e.g. using cron)
renovate/renovateDocker Hub image (same content/versions as the CLI tool), run it on a schedule
renovate/renovate:slimDocker Hub image if you only use package managers that don't need third party binaries (e.g. JS, Docker, Nuget, pip)
If you would like to contribute to Renovate or get a local copy running for some other reason, please see the instructions in .github/contributing.md.
If you discover any important bug with Renovate that may pose a security problem, please disclose it confidentially to [email protected] first, so that it can be assessed and hopefully fixed prior to being exploited. Please do not raise GitHub issues for security-related doubts or problems.