# renovatebot/renovate **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/renovatebot-renovate).** 20,871 stars · 2,947 forks · TypeScript · agpl-3.0 ## Links - GitHub: https://github.com/renovatebot/renovate - Homepage: https://mend.io/renovate - awesome-repositories: https://awesome-repositories.com/repository/renovatebot-renovate.md ## Topics `azure-devops` `bitbucket` `dependencies` `dependencies-checking` `dependency-manager` `github` `gitlab` `npm` `package-management` ## Description Renovate is a GitOps-driven dependency management engine designed to automate the maintenance of software projects. It functions as an automated update tool that scans repository files to identify outdated dependencies, fetches the latest compatible versions from external sources, and generates pull requests to apply those updates. By integrating directly with code hosting platforms, it synchronizes project dependencies through declarative configuration files, ensuring that software components remain current and secure. The project distinguishes itself through its platform-agnostic architecture and comprehensive policy enforcement capabilities. It utilizes a hierarchical configuration system that allows for the propagation of standardized update policies across multiple repositories, while supporting custom dependency extraction for non-standard or proprietary file formats. To ensure reliability, it incorporates confidence signals derived from community data and provides intelligent automerge logic that triggers only when updates meet specific safety criteria. Beyond core updates, the tool manages the full lifecycle of infrastructure components, including container image tags and pipeline versions. It handles complex tasks such as lockfile synchronization by invoking native build tools in isolated environments, and it maintains supply chain security by monitoring for abandoned packages and integrating with private package registries. The system also offers granular control over update scheduling, grouping, and reviewer assignment to minimize developer overhead. Renovate is distributed as a containerized application or package, supporting deployment across various infrastructure environments. It provides extensive observability through operational dashboards, debug log visualization, and status check labeling to assist in monitoring the health and progress of automated update workflows. ## Tags ### Development Tools & Productivity - [Automated Update Managers](https://awesome-repositories.com/f/development-tools-productivity/automated-update-managers.md) — Scans project files to identify outdated dependencies and generates pull requests to apply updates. ([source](https://docs.renovatebot.com/)) - [Configuration Inheritance](https://awesome-repositories.com/f/development-tools-productivity/configuration-inheritance.md) — Provides a hierarchical configuration system that merges global, repository-level, and preset-based settings to enforce update policies. - [Update Managers](https://awesome-repositories.com/f/development-tools-productivity/update-managers.md) — Provides a centralized interface to track pending updates, view logs, trigger tasks, and manage manual approvals. ([source](https://docs.renovatebot.com/getting-started/use-cases/)) - [Project Lockfile Management](https://awesome-repositories.com/f/development-tools-productivity/dependency-managers/installation-resolution-utilities/project-lockfile-management.md) — Automatically regenerates lockfiles after dependency updates to ensure consistent and stable development environments. ([source](https://docs.renovatebot.com/bazel/)) - [Package Registry Integrations](https://awesome-repositories.com/f/development-tools-productivity/dependency-managers/package-registry-integrations.md) — Authenticates with private and public package registries to resolve and validate software component versions. ([source](https://docs.renovatebot.com/modules/platform/azure/)) - [Repository Management](https://awesome-repositories.com/f/development-tools-productivity/version-control-repository-tools/version-control-managers/repository-management.md) — Executes dependency updates across several repositories from a single centralized pipeline using cross-project access permissions. ([source](https://docs.renovatebot.com/modules/platform/azure/)) - [Configuration Merge Strategies](https://awesome-repositories.com/f/development-tools-productivity/developer-utilities-libraries/workflow-productivity-enhancers/developer-productivity-utilities/developer-utilities/configuration-merge-strategies.md) — Applies preferred merge styles for pull requests and automatically selects alternatives to ensure successful integration. ([source](https://docs.renovatebot.com/modules/platform/forgejo/)) - [Build Tool Integrations](https://awesome-repositories.com/f/development-tools-productivity/git-repository-integrators/build-tool-integrations.md) — Identifies and updates module versions and URLs within build configuration files by querying remote registries. ([source](https://docs.renovatebot.com/bazel/)) - [Pull Request Merging Tools](https://awesome-repositories.com/f/development-tools-productivity/pull-request-merging-tools.md) — Automatically merges pull requests once safety criteria and test suites are satisfied. ([source](https://docs.renovatebot.com/dependency-pinning/)) - [Repository Discovery Tools](https://awesome-repositories.com/f/development-tools-productivity/repository-discovery-tools.md) — Scans platforms for available projects and selectively includes them based on permission levels and repository settings. ([source](https://docs.renovatebot.com/modules/platform/forgejo/)) - [Subprocess Management](https://awesome-repositories.com/f/development-tools-productivity/subprocess-management.md) — Invokes native package managers and build tools in isolated environments to regenerate lockfiles and validate updates. - [Update Grouping Engines](https://awesome-repositories.com/f/development-tools-productivity/dependency-groups/update-grouping-engines.md) — Consolidates multiple dependency updates into single pull requests to reduce management overhead. ([source](https://docs.renovatebot.com/dependency-pinning/)) - [Abandoned Dependency Detectors](https://awesome-repositories.com/f/development-tools-productivity/package-dependency-managers/abandoned-dependency-detectors.md) — Identifies and flags abandoned software packages to help developers proactively replace unmaintained code. ([source](https://docs.renovatebot.com/presets-abandonments/)) - [Platform Versioning Tools](https://awesome-repositories.com/f/development-tools-productivity/platform-versioning-tools.md) — Adjusts behavior based on detected platform versions to enable features like merge trains or specific pull request formatting. ([source](https://docs.renovatebot.com/modules/platform/gitlab/)) - [Pipeline Task Versioning](https://awesome-repositories.com/f/development-tools-productivity/platform-versioning-tools/pipeline-task-versioning.md) — Retrieves task version information from platform APIs to keep pipeline configurations accurate and up to date. ([source](https://docs.renovatebot.com/modules/platform/azure/)) - [Pull Request Review Tools](https://awesome-repositories.com/f/development-tools-productivity/pull-request-review-tools.md) — Applies multiple users to pull requests to improve collaboration when platform tiers support concurrent assignment. ([source](https://docs.renovatebot.com/modules/platform/gitlab/)) ### DevOps & Infrastructure - [Dependency Management](https://awesome-repositories.com/f/devops-infrastructure/dependency-management.md) — Automates the maintenance of software dependencies by scanning for updates and creating pull requests. - [GitOps Dependency Synchronizers](https://awesome-repositories.com/f/devops-infrastructure/gitops-workflows/gitops-dependency-synchronizers.md) — Synchronizes repository dependencies through declarative configuration files using GitOps principles. - [Reusable Configuration Blocks](https://awesome-repositories.com/f/devops-infrastructure/configuration-management/configuration-distribution-and-sharing/reusable-configuration-blocks.md) — Centralizes and propagates standardized update policies across multiple repositories by referencing reusable configuration files. ([source](https://docs.renovatebot.com/getting-started/use-cases/)) - [Event-Driven](https://awesome-repositories.com/f/devops-infrastructure/automation-orchestration/task-execution-frameworks/automation-frameworks/triggers-events/event-driven.md) — Orchestrates dependency update tasks by triggering logic sequences based on repository scanning, webhooks, and periodic schedules. - [Configuration Overrides](https://awesome-repositories.com/f/devops-infrastructure/configuration-management/configuration-resolution-engines/configuration-overrides.md) — Forces specific settings to take precedence over other rules or repository-level configurations to ensure mandatory policies. ([source](https://docs.renovatebot.com/config-overview/)) - [Project Configuration Managers](https://awesome-repositories.com/f/devops-infrastructure/configuration-management/configuration-resolution-engines/project-configuration-managers.md) — Defines how dependency updates are managed through global settings, repository-specific files, and centralized presets. ([source](https://docs.renovatebot.com/config-overview/)) - [Cross-Repository Policy Propagators](https://awesome-repositories.com/f/devops-infrastructure/infrastructure/configuration-policy-enforcement/cross-repository-policy-propagators.md) — Centralizes and propagates standardized update policies across multiple repositories to maintain consistent standards. - [Container Image Management](https://awesome-repositories.com/f/devops-infrastructure/container-image-management.md) — Monitors and updates container image tags and digests within infrastructure files. - [Semantic Versioning Systems](https://awesome-repositories.com/f/devops-infrastructure/dependency-management/version-compatibility-management/semantic-versioning-systems.md) — Parses and compares version strings using semantic versioning or project-specific release patterns to identify updates. ([source](https://docs.renovatebot.com/modules/)) - [Dependency Tracking](https://awesome-repositories.com/f/devops-infrastructure/dependency-tracking.md) — Defines custom patterns to locate and track dependencies in non-standard or proprietary file formats. ([source](https://docs.renovatebot.com/getting-started/use-cases/)) - [Update Maintenance Windows](https://awesome-repositories.com/f/devops-infrastructure/automated-update-management/update-maintenance-windows.md) — Automates dependency updates using declarative scheduling and maintenance windows to minimize developer interruptions. ([source](https://docs.renovatebot.com/community-tools/)) - [Identity Configurations](https://awesome-repositories.com/f/devops-infrastructure/release-automation/git-release-automators/identity-configurations.md) — Configures author name and email for automated commits to ensure compliance with platform-specific push rules. ([source](https://docs.renovatebot.com/modules/platform/gitlab/)) ### Security & Cryptography - [Software Supply Chain Security](https://awesome-repositories.com/f/security-cryptography/software-supply-chain-security.md) — Automates the monitoring and updating of dependencies and container images to maintain secure and consistent software builds. - [Access Tokens](https://awesome-repositories.com/f/security-cryptography/access-tokens.md) — Manages personal access tokens and app installation tokens to authorize automated actions within development environments. ([source](https://docs.renovatebot.com/modules/platform/github/)) - [Sensitive Variable Redaction](https://awesome-repositories.com/f/security-cryptography/sensitive-variable-redaction.md) — Automatically masks sensitive credentials and tokens from log output to prevent accidental exposure during automated operations. ([source](https://docs.renovatebot.com/environment-variable-handling/)) ### Operating Systems & Systems Programming - [Platform Integrations](https://awesome-repositories.com/f/operating-systems-systems-programming/platform-development-integration/platform-integrations.md) — Integrates with code hosting platforms to manage dependency updates across multiple repositories from a centralized location. ([source](https://docs.renovatebot.com/modules/platform/codecommit/)) ### Web Development - [API Abstraction Layers](https://awesome-repositories.com/f/web-development/api-abstraction-layers.md) — Normalizes interactions with multiple code hosting services through a unified interface for repository and pull request management. ### Data & Databases - [Metadata-Driven](https://awesome-repositories.com/f/data-databases/update-logic/metadata-driven.md) — Applies semantic versioning and community data to determine the safety and necessity of automated dependency changes. ### Software Engineering & Architecture - [Extraction Plugins](https://awesome-repositories.com/f/software-engineering-architecture/integration-extensibility/extensibility/plugin-architectures/extraction-plugins.md) — Parses diverse project files using modular extractors to identify version declarations and dependency metadata. - [Automated Onboarding](https://awesome-repositories.com/f/software-engineering-architecture/project-management-governance/project-governance/contribution-guidelines/onboarding-documentation/automated-onboarding.md) — Automatically creates initial pull requests with default configuration files to help new projects adopt standards. ([source](https://docs.renovatebot.com/config-overview/)) ### Artificial Intelligence & ML - [Update Reliability Signals](https://awesome-repositories.com/f/artificial-intelligence-ml/face-detection/confidence-filtering/update-reliability-signals.md) — Uses community data to provide insights on update reliability for safer dependency management. ([source](https://docs.renovatebot.com/mend-hosted/overview/))