{"id":13406571,"url":"https://github.com/renovatebot/renovate","last_synced_at":"2026-06-26T21:00:58.155Z","repository":{"id":37283543,"uuid":"76734068","full_name":"renovatebot/renovate","owner":"renovatebot","description":"Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io","archived":false,"fork":false,"pushed_at":"2026-06-26T11:52:50.000Z","size":152306,"stargazers_count":21857,"open_issues_count":1209,"forks_count":3128,"subscribers_count":105,"default_branch":"main","last_synced_at":"2026-06-26T12:09:38.213Z","etag":null,"topics":["azure-devops","bitbucket","dependencies","dependencies-checking","dependency-manager","github","gitlab","npm","package-management"],"latest_commit_sha":null,"homepage":"https://mend.io/renovate","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/renovatebot.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":".github/contributing.md","funding":null,"license":"license","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2016-12-17T16:21:21.000Z","updated_at":"2026-06-26T11:41:24.000Z","dependencies_parsed_at":"2026-06-04T23:02:16.428Z","dependency_job_id":null,"html_url":"https://github.com/renovatebot/renovate","commit_stats":{"total_commits":19524,"total_committers":1311,"mean_commits":"14.892448512585812","dds":0.7298709280885065,"last_synced_commit":"c9033ac1feea0e5a58bb02dd3e4fcadd30af3f54"},"previous_names":["renovateapp/renovate","singapore/renovate"],"tags_count":11835,"template":false,"template_full_name":null,"purl":"pkg:github/renovatebot/renovate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renovatebot%2Frenovate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renovatebot%2Frenovate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renovatebot%2Frenovate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renovatebot%2Frenovate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/renovatebot","download_url":"https://codeload.github.com/renovatebot/renovate/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renovatebot%2Frenovate/sbom","scorecard":{"id":70284,"data":{"date":"2025-08-15T01:49:55Z","repo":{"name":"github.com/renovatebot/renovate","commit":"45cb5a597706e02c99d4d5b8ebe5bf5b4132ce56"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":7.3,"checks":[{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"internal error: internal error: invalid Dockerfile: Syntax error - can't find = in \"#\". Must be of the form: name=value","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Warn: jobLevel 'packages' permission set to 'write': .github/workflows/build.yml:698","Info: jobLevel 'contents' permission set to 'read': .github/workflows/trivy.yml:14","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/update-data.yml:16","Info: topLevel 'contents' permission set to 'read': .github/workflows/build.yml:27","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:5","Info: topLevel 'contents' permission set to 'read': .github/workflows/devcontainer.yml:13","Info: found token with 'none' permissions: .github/workflows/find-issues-with-missing-labels.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/label-actions.yml:12","Info: topLevel 'discussions' permission set to 'read': .github/workflows/mend-slack.yml:8","Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:9","Info: found token with 'none' permissions: .github/workflows/trivy.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/undesirable-test-additions.yaml:8","Info: found token with 'none' permissions: .github/workflows/update-data.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/ws_scan.yaml:8"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: license:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: license:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":2,"reason":"badge detected: InProgress","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 42.0.0-next.2 not signed: https://api.github.com/repos/renovatebot/renovate/releases/239919312","Warn: release artifact 42.0.0-next.1 not signed: https://api.github.com/repos/renovatebot/renovate/releases/239897664","Warn: release artifact 41.73.1 not signed: https://api.github.com/repos/renovatebot/renovate/releases/240034242","Warn: release artifact 41.73.0 not signed: https://api.github.com/repos/renovatebot/renovate/releases/240028946","Warn: release artifact 41.72.1 not signed: https://api.github.com/repos/renovatebot/renovate/releases/239981270","Warn: release artifact 42.0.0-next.2 does not have provenance: https://api.github.com/repos/renovatebot/renovate/releases/239919312","Warn: release artifact 42.0.0-next.1 does not have provenance: https://api.github.com/repos/renovatebot/renovate/releases/239897664","Warn: release artifact 41.73.1 does not have provenance: https://api.github.com/repos/renovatebot/renovate/releases/240034242","Warn: release artifact 41.73.0 does not have provenance: https://api.github.com/repos/renovatebot/renovate/releases/240028946","Warn: release artifact 41.72.1 does not have provenance: https://api.github.com/repos/renovatebot/renovate/releases/239981270"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":5,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'allow deletion' disabled on branch 'next'","Info: 'force pushes' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'next'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'next'","Warn: 'stale review dismissal' is disabled on branch 'next'","Warn: required approving review count is 1 on branch 'main'","Warn: branch 'next' does not require approvers","Warn: codeowners review is not required on branch 'main'","Warn: codeowners review is not required on branch 'next'","Warn: 'last push approval' is disabled on branch 'next'","Warn: 'up-to-date branches' is disabled on branch 'next'","Info: status check found to merge onto on branch 'main'","Info: status check found to merge onto on branch 'next'","Info: PRs are required in order to make changes on branch 'main'","Info: PRs are required in order to make changes on branch 'next'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"CI-Tests","score":10,"reason":"30 out of 30 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 70 contributing companies or organizations","details":["Info: found contributions from: Azure, BGmi, Carthage, CycloneDX, GitHubBounty, KaTeX, NixOS, OpenLabTools, Quick, RACCommunity, ReactiveCocoa, RxSwiftCommunity, Strider-CD, Technica-Engineering, XCSoar, actix, antitypical, backstage, cla-assistant, cohere-ai, compsec-snu seoul national university, containerbase, copenhagenjs, cyprusjs, dbay-io, dependabot, dotnet, ember-cli, ember-template-lint, emberjs, finos, front-end engineer, geoalchemy, georust, gitify-app, glide-rs, glimmerjs, graphql-java-kickstart, icetekio, intellij-rust, jenkinsci, ladzaretti, ly corporation, mend, mend-forks, mend.io, microsoft, n26, nix-community, octokit, open-telemetry, parca-dev, pnpm, price-search, qunitjs, renovate-reproductions, renovateapp, renovatebot, rust-lang, rustfoundation, sap, siemens, skylines-project, swiftlang, sympy, technica engineering gmbh, visualon, vscode-shellcheck, whitesource, world kinect"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}},{"name":"Vulnerabilities","score":0,"reason":"61 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-vq52-99r9-h5pw","Warn: Project is vulnerable to: GHSA-9fm9-hp7p-53mf","Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: PYSEC-2024-230 / GHSA-248v-346w-9cwc","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: PYSEC-2022-43012 / GHSA-r9hx-vwmv-q579","Warn: Project is vulnerable to: PYSEC-2014-5 / GHSA-296w-6qhq-gf92","Warn: Project is vulnerable to: PYSEC-2011-2 / GHSA-3jqw-crqj-w8qw","Warn: Project is vulnerable to: PYSEC-2012-3 / GHSA-59w8-4wm2-4xw8","Warn: Project is vulnerable to: PYSEC-2012-4 / GHSA-5h2q-4hrp-v9rr","Warn: Project is vulnerable to: PYSEC-2014-6 / GHSA-625g-gx8c-xcmg","Warn: Project is vulnerable to: PYSEC-2015-8 / GHSA-6565-fg86-6jcx","Warn: Project is vulnerable to: PYSEC-2021-98 / GHSA-68w8-qjq3-2gfm","Warn: Project is vulnerable to: PYSEC-2012-2 / GHSA-78vx-ggch-wghm","Warn: Project is vulnerable to: PYSEC-2015-9 / GHSA-7fq8-4pv5-5w5c","Warn: Project is vulnerable to: PYSEC-2015-4 / GHSA-7qfw-j7hp-v45g","Warn: Project is vulnerable to: PYSEC-2011-9 / GHSA-7wph-fc4w-wqp2","Warn: Project is vulnerable to: GHSA-7xr5-9hcq-chf9","Warn: Project is vulnerable to: PYSEC-2014-2 / GHSA-89hj-xfx5-7q66","Warn: Project is vulnerable to: GHSA-8x94-hmjh-97hq","Warn: Project is vulnerable to: PYSEC-2009-3 / GHSA-9xg7-gg9m-rmq9","Warn: Project is vulnerable to: PYSEC-2016-2 / GHSA-c8c8-9472-w52h","Warn: Project is vulnerable to: PYSEC-2016-3 / GHSA-crhm-qpjc-cm64","Warn: Project is vulnerable to: PYSEC-2014-4 / GHSA-f7cm-ccfp-3q4r","Warn: Project is vulnerable to: PYSEC-2016-16 / GHSA-fp6p-5xvw-m74f","Warn: Project is vulnerable to: PYSEC-2011-8 / GHSA-fwr5-q9rx-294f","Warn: Project is vulnerable to: PYSEC-2015-5 / GHSA-gv98-g628-m9x5","Warn: Project is vulnerable to: PYSEC-2015-20 / GHSA-h582-2pch-3xv3","Warn: Project is vulnerable to: PYSEC-2011-5 / GHSA-h95j-h2rv-qrg4","Warn: Project is vulnerable to: PYSEC-2020-35 / GHSA-hmr4-m2h5-33qx","Warn: Project is vulnerable to: PYSEC-2015-6 / GHSA-jhjg-w2cp-5j44","Warn: Project is vulnerable to: PYSEC-2009-4 / GHSA-p6m5-h7pp-v2x5","Warn: Project is vulnerable to: PYSEC-2016-15 / GHSA-pw27-w7w4-9qc7","Warn: Project is vulnerable to: PYSEC-2015-10 / GHSA-q5qw-4364-5hhm","Warn: Project is vulnerable to: PYSEC-2011-4 / GHSA-rm2j-x595-q9cj","Warn: Project is vulnerable to: GHSA-rrqc-c2jx-6jgv","Warn: Project is vulnerable to: PYSEC-2014-1 / GHSA-rvq6-mrpv-m6rm","Warn: Project is vulnerable to: PYSEC-2014-7 / GHSA-rw75-m7gp-92m3","Warn: Project is vulnerable to: PYSEC-2019-16 / GHSA-vfq6-hq5r-27r6","Warn: Project is vulnerable to: PYSEC-2014-3 / GHSA-wqjj-hx84-v449","Warn: Project is vulnerable to: PYSEC-2011-3 / GHSA-wxg3-mfph-qg9w","Warn: Project is vulnerable to: PYSEC-2011-1 / GHSA-x88j-93vc-wpmp","Warn: Project is vulnerable to: PYSEC-2007-1","Warn: Project is vulnerable to: PYSEC-2008-1","Warn: Project is vulnerable to: PYSEC-2008-2","Warn: Project is vulnerable to: PYSEC-2015-11","Warn: Project is vulnerable to: PYSEC-2015-7","Warn: Project is vulnerable to: PYSEC-2016-18 / GHSA-3f2c-jm6v-cr35","Warn: Project is vulnerable to: PYSEC-2020-36 / GHSA-3gh2-xw74-jmcw","Warn: Project is vulnerable to: GHSA-6c3j-c64m-qhgq","Warn: Project is vulnerable to: PYSEC-2017-9 / GHSA-37hp-765x-j95x","Warn: Project is vulnerable to: PYSEC-2016-14 / GHSA-46x4-9jmv-jc8p","Warn: Project is vulnerable to: PYSEC-2017-10 / GHSA-h4hv-m4h4-mhwg","Warn: Project is vulnerable to: PYSEC-2016-17 / GHSA-mv8g-fhh6-6267"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-15T03:41:08.710Z","repository_id":37283543,"created_at":"2025-08-15T03:41:08.711Z","updated_at":"2025-08-15T03:41:08.711Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34832916,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-26T02:00:06.560Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure-devops","bitbucket","dependencies","dependencies-checking","dependency-manager","github","gitlab","npm","package-management"],"created_at":"2024-07-30T19:02:33.838Z","updated_at":"2026-06-26T21:00:58.138Z","avatar_url":"https://github.com/renovatebot.png","language":"TypeScript","funding_links":[],"categories":["TypeScript","Awesome CVEs tools","CI/CD","OSS and Dependency management","Applications","Dependency intelligence","Tooling— Feature flags, environments and change management","Tooling","Dependency management","npm","其他","Development","Repos","🛠️ Developer Tools","Maintenance Managers","Dependencies management","github","Productivity \u0026 Automation","Active projects","Dependency Automation"],"sub_categories":["Dependency Management","DevOps","SCA and SBOM","General","Shell into containers","网络服务_其他","Feature flags and change management","A11y (accessibility)","Applications","Self-Healing CI"],"readme":"![Mend Renovate CLI banner](https://docs.renovatebot.com/assets/images/mend-renovate-cli-banner.jpg)\n\n[![License: AGPL-3.0-only](https://img.shields.io/badge/license-%20%09AGPL--3.0--only-blue.svg)](https://raw.githubusercontent.com/renovatebot/renovate/main/license)\n[![codecov](https://codecov.io/gh/renovatebot/renovate/branch/main/graph/badge.svg)](https://codecov.io/gh/renovatebot/renovate)\n[![Renovate enabled](https://img.shields.io/badge/renovate-enabled-brightgreen.svg)](https://renovatebot.com/)\n[![Build status](https://github.com/renovatebot/renovate/actions/workflows/build.yml/badge.svg)](https://github.com/renovatebot/renovate/actions/workflows/build.yml)\n![Docker Pulls](https://img.shields.io/docker/pulls/renovate/renovate?color=turquoise)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/renovatebot/renovate/badge)](https://securityscorecards.dev/viewer/?uri=github.com/renovatebot/renovate)\n\n# What is the Mend Renovate CLI?\n\nRenovate is an automated dependency update tool.\nIt helps to update dependencies in your code without needing to do it manually.\nWhen Renovate runs on your repo, it looks for references to dependencies (both public and private) and, if there are newer versions available, Renovate can create pull requests to update your versions automatically.\n\n## Features\n\n- Delivers update PRs directly to your repo\n  - Relevant package files are discovered automatically\n  - Pull Requests automatically generated in your repo\n- Provides useful information to help you decide which updates to accept (age, adoption, pass rates, merge confidence)\n- Highly configurable and flexible to fit in with your needs and repository standards\n- Largest collection of languages and platforms (listed below)\n- Connects with private repositories and package registries\n\n### Languages\n\nRenovate can provide updates for most popular languages, platforms, and registries including: npm, Java, Python, .NET, Scala, Ruby, Go, Docker and more.\nSupports over [90 different package managers](https://docs.renovatebot.com/modules/manager/).\n\n### Platforms\n\nRenovate updates code repositories on the following platforms: GitHub, GitLab, Bitbucket, Azure DevOps, AWS Code Commit (experimental), Gitea, Forgejo, Gerrit (experimental), SCM-Manager (experimental)\n\n## Ways to run Renovate\n\nThe most effective way to run Renovate is to use an automated job scheduling system that regularly runs Renovate on all enabled repositories and responds with priority to user activity.\nMend offers cloud-hosted and self-hosted solutions.\nSee the options below.\n\n### Mend Renovate Community (Cloud-Hosted)\n\n**Supports: GitHub.com, Bitbucket Cloud**\n\nHosted by Mend.io.\nNo setup is needed.\nCommunity plan available (Free)\n\n- GitHub Cloud: Install the [Renovate Cloud-Hosted App](https://github.com/apps/renovate) on your GitHub org, then select the repos to enable\n- Bitbucket Cloud: Add the [Mend App](https://marketplace.atlassian.com/apps/1232072/mend) to your Workspace, then add the Mend Renovate user to the projects you want to enable\n\n### Mend Renovate Community (Self-hosted)\n\n**Supports: GitHub, GitLab, Bitbucket Data Center**\n\nInstall and run your own Renovate server.\nAccess internal packages.\n\n- [Mend Renovate Community Self-Hosted](https://github.com/mend/renovate-ce-ee/tree/main/docs) (Free)\n- [Mend Renovate Enterprise](https://www.mend.io/mend-renovate/) (Paid plan)\n\n### Other ways to run Renovate\n\nIf you can’t use a pre-built job scheduling system, or want to build your own, the following options are available:\n\n#### Run Renovate on your Pipeline\n\nMend provides a _**GitHub Action**_ or a _**GitLab Runner**_ to help you run Renovate as a CI pipeline job.\n\n- GitHub Action: [renovatebot/github-action](https://github.com/renovatebot/github-action).\n- GitLab Runner: [Renovate Runner project](https://gitlab.com/renovate-bot/renovate-runner/)\n- AzureDevOps action: [Renovate Me extension](https://marketplace.visualstudio.com/items?itemName=jyc.vsts-extensions-renovate-me)\u003cbr\u003e\n  _Note: This extension is created and maintained personally by a Renovate developer/user. Support requests for the extension will not be answered directly in the main Renovate repository._\n- Custom pipeline: You can create a custom pipeline with a **yml** definition that triggers **npx renovate**. [More details on how to configure the pipeline](https://docs.renovatebot.com/modules/platform/azure/).\n\n#### Run Renovate CLI\n\nThere are several ways to run the Renovate CLI directly.\nSee docs: [Running Renovate](https://docs.renovatebot.com/getting-started/running/) for all options.\n\n**Supports: all platforms**\n\nFor additional community-maintained options, see the [Community Tools](https://docs.renovatebot.com/community-tools/) page.\n\n## Docs\n\n### More about Renovate\n\n- Renovate basics\n  - [Why use Renovate](https://docs.renovatebot.com/#why-use-renovate)\n  - [What does it do? / How does it work?](https://docs.renovatebot.com/key-concepts/how-renovate-works/)\n  - [Who is using it?](https://docs.renovatebot.com/#who-uses-renovate)\n- Supported platforms and languages\n  - [Supported platforms](https://docs.renovatebot.com/#supported-platforms)\n  - [Supported languages / package managers](https://docs.renovatebot.com/modules/manager/)\n- Advanced Renovate usage\n  - [Accessing private packages](https://docs.renovatebot.com/getting-started/private-packages/)\n  - [Merge Confidence data](https://docs.renovatebot.com/merge-confidence/)\n\n### Renovate Docs\n\n- [Renovate Configuration](https://docs.renovatebot.com/configuration-options/)\n- [Mend Renovate Self-Hosted Docs](https://github.com/mend/renovate-ce-ee/tree/main/docs)\n\n### Comparisons\n\n- [Different ways to run Renovate](https://www.mend.io/renovate/)\n- [Renovate vs Dependabot](https://docs.renovatebot.com/bot-comparison/)\n\n## Get involved\n\n### Issues and Discussions\n\nPlease open a Discussion to get help, suggest a new feature, or to report a bug.\nWe only want maintainers to open Issues.\n\n- [GitHub Discussions for Renovate](https://github.com/renovatebot/renovate/discussions)\n\n### Contributing\n\nTo contribute to Renovate, or run a local copy, please read the contributing guidelines.\n\n- [Guidelines for Contributing](https://github.com/renovatebot/renovate/blob/main/.github/contributing.md)\n- Items that need contribution: [good first issues](https://github.com/renovatebot/renovate/contribute)\n\n### Contact and Social Media\n\nThe Renovate project is proudly supported and actively maintained by Mend.io.\n\n- Contact [Mend.io](https://www.mend.io/) for commercial support questions.\n\nFollow us on:\n\n- Twitter: [x.com/mend_io](https://x.com/mend_io)\n- LinkedIn: [linkedin.com/company/mend-io](https://linkedin.com/company/mend-io)\n\n## Security / Disclosure\n\nIf you find any bug with Renovate that may be a security problem, please report it through the [GitHub Security Advisories process](https://github.com/renovatebot/renovate/security/advisories).\nThis way we can evaluate the bug and hopefully fix it before it gets abused.\nPlease give us enough time to investigate the bug before you report it anywhere else.\n\nIf you would like to discuss a potential finding before raising the Advisory, then e-mail us at: [renovate-disclosure@mend.io](mailto:renovate-disclosure@mend.io).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frenovatebot%2Frenovate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frenovatebot%2Frenovate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frenovatebot%2Frenovate/lists"}