GitHub Dependabot

Dependabot is an automated dependency management tool that monitors software codebases for outdated and vulnerable third-party libraries. It was originally founded as an independent startup in London to help developers keep their applications secure and up-to-date by automatically creating pull requests when updates are available.

In 2019, the brand was acquired by GitHub, which integrated the technology directly into its platform as a core security feature. As GitHub is a subsidiary of Microsoft, the ultimate ownership of Dependabot lies with the Microsoft Corporation. The software is primarily developed and maintained in the United States, though it serves a global community of developers as a cloud-based service incorporated into the GitHub ecosystem.