renovate VS dependabot

Compare renovate vs dependabot and see what are their differences.

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
renovate dependabot
120 2
17,254 -
2.5% -
10.0 -
4 days ago -
TypeScript
GNU Affero General Public License v3.0 -
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

renovate

Posts with mentions or reviews of renovate. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-09-16.
  • Show HN: Ts-remove-unused – Remove unused code from your TypeScript project
    8 projects | news.ycombinator.com | 16 Sep 2024
    I tried it on https://github.com/renovatebot/renovate

    It deleted 100s of files, most of which were Jest test files, and potentially all of which were a mistake. I restored them all with `git restore $(git ls-files -d)`.

    I then ran `tsc` on the remaining _modified_ files and `Found 3920 errors in 511 files.`

    Obviously at that point I had no choice but to discard all changes and unfortunately I would not recommend this for others to even try.

  • The GitOps Kubernetes starter template that gets you set-up in minutes instead of hours
    5 projects | dev.to | 8 Aug 2024
    Once Renovate is integrated to track your GitOps repo, it will look for Glasskube packages and compare their versions to the official package repositories. When new versions are available, it will automatically open a PR. Once merged, you’ll be running the latest versions of your packages.
  • Show HN: Glasskube – open-source Kubernetes Package Manager, alternative to Helm
    12 projects | news.ycombinator.com | 25 Jun 2024
    Thanks for your input, let me comment on your points one by one.

    > However things like helmfile with renovate paired with a pipeline is my personal preference even if just for ensuring things remain consistent in a repo.

    Glasskube packages can also be put inside a GitOps repository as every package is a CR (custom resource). (They can even be configured via the CLI using the `--dry-run` and `--output yaml` flags and than put into git. In addition we are working on pull request to support package updates via Renovate: https://github.com/renovatebot/renovate/issues/29322

    > The package controller reminds me a lot of Helm tiller with older versions of helm, and it became a big security issue for a lot of companies, so much so that helm3 removed it and did everything clientside via configmaps. Curious how this project plans on overcoming that.

    As helm3 is now a client side tool only, that means that it can't enforce any RBAC by itself. OLM introduced Operator Groups (https://olm.operatorframework.io/docs/advanced-tasks/operato...) which introduces a permissions on an operator level. We might introduce something similar for Glasskube packages. Glasskube itself will still require be quite powerful, but we can than scope packages and introduce granular permissions.

  • Understanding Mend Renovate's Pull Request Workflow
    1 project | dev.to | 21 May 2024
    To get started with Mend Renovate, the comprehensive official documentation provides detailed instructions on installation, configuration, and best practices. Additionally, the Mend Renovate community forum offers a platform for users to connect, share experiences, and access the collective knowledge base.
  • Git commit helper: add emojis to your commits
    10 projects | dev.to | 4 May 2024
  • 💡Automatic Deployment of your project dependencies updates on GCP : Efficiency vs. Cost?
    2 projects | dev.to | 30 Apr 2024
    This month, I gave a talk with my Zenika colleague Lise at the DevoxxFR conference about Renovate and Dependabot, two great tools to help you automatize and upgrade your dependencies.
  • How use Renovate Bot on self-hosted GitLab
    3 projects | dev.to | 22 Apr 2024
    There is no built-in Renovate Bot on a self-hosted GitLab. What can we do to set it up and enjoy all the benefits of automatic dependency updates?
  • Self-Hosted Is Awesome
    6 projects | news.ycombinator.com | 13 Apr 2024
    > Yes, it is awesome until you have to sysadmin it, apply updates, patch it, fix security holes, etc. I am not saying all self-hosted solutions are like that. There are exceptions. However, the majority of open-source self-hosted solutions require a lot of extra work.

    I'm currently self-hosting 10 different applications on my local server, which represents everything I've ever seen that looked fun or useful to me. Every one of them had a Docker image with an example compose file, which means updating them just requires periodically running Renovate [0] on the repo that stores all my compose files and then running a script that docker compose pulls the updates. It takes maybe 10 minutes every other week, and is actually kinda fun.

    It helps that all the apps are only accessible from within my VPN, so I'm not too worried about fixing security updates within a tiny time window.

    [0] https://github.com/renovatebot/renovate

  • Why I recommend Renovate over any other dependency update tools
    6 projects | news.ycombinator.com | 12 Apr 2024
    This is a big deal! Where did you read this? I found:

    https://github.com/renovatebot/renovate/discussions/26917

  • Locally test and validate your Renovate configuration files
    4 projects | dev.to | 9 Apr 2024
    Renovate is an automated dependency management tool that can be used to keep your dependencies up-to-date. It can be configured to automatically create pull requests to update your dependencies, and it supports a wide range of package managers and platforms.

dependabot

Posts with mentions or reviews of dependabot. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-04-08.
  • PRs from Fake Dependabot
    1 project | /r/webdev | 29 Sep 2023
    This is a pretty serious flaw in GitHub. Especially on mobile, it would be very easy to be tricked into thinking that a PR was legitimately from Dependabot. In the app, you can't notice see the URL of the profile to see if it's https://github.com/apps/dependabot. You could even review changes in the PR but maybe not notice a letter swap in a package name. Even requiring signatures isn't enough since commits on the web are signed with the exact same key Dependabot uses!
  • Let the bots do the releases for you
    4 projects | dev.to | 8 Apr 2021
    dependabot[bot] posted on Apr 08, 2021

What are some alternatives?

When comparing renovate and dependabot you can also consider the following projects:

dependabot-core - 🤖 Dependabot's core logic for creating update PRs.

migrator - Super fast and lightweight DB migration & evolution tool written in Go

scala-steward - :robot: A bot that helps you keep your projects up-to-date

project-bot

updatecli - A Declarative Dependency Management tool

github-actions-and-renovate

bitbucket-branch-source-plugin - Bitbucket Branch Source Plugin

charts - Bitnami Helm Charts

watchtower - A process for automating Docker container base image updates.

charts - ⚠️ Deprecated : Helm charts for applications you run at home

git-link - Emacs package to get the GitHub/Bitbucket/GitLab/... URL for a buffer location

ort - A suite of tools to automate software compliance checks.

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured