bot-comparison.md
-
HonkingGoose authoredHonkingGoose authored
- Bot comparison
- Table of features
- Hosted app
- Dependency Dashboard
- Grouped updates
- Upgrades common monorepo packages at once
- Supported platforms
- Supported languages
- Show changelogs
- Compatibility score badges
- Built-in to GitHub vs app
- Scheduling
- License
- Programming language of project
- Self-hosting a bot
- Self-hosting Renovate
- Self-hosting Dependabot
- As a GitHub Actions workflow on GitHub
- dependabot-core
- dependabot-script
- dependabot-gitlab/dependabot
Bot comparison
This page explains the key differences between Renovate and Dependabot, to help you choose a bot. We're trying to be as objective as possible, so this is not a "versus" or anti-Dependabot page.
If you see anything wrong on this page, please let us know by creating a Discussion, or edit this page with a PR.
Table of features
| Feature | Renovate | Dependabot |
|---|---|---|
| Dependency Dashboard | Yes | No |
| Grouped updates | Yes, use community-provided groups, or create your own | Yes, create groups manually |
| Upgrades common monorepo packages at once | Yes | No |
| Officially supported platforms | GitHub, GitLab, Bitbucket, Azure, Gitea, see full list | GitHub only |
| Supported languages | List for Renovate | List for Dependabot |
| Show changelogs | Yes | Yes |
| Compatibility score badges | Four badges showing: Age, Adoption, Passing, Confidence | One badge with overall compatibility score |
| Built-in to GitHub | No, requires app or self-hosting | Yes |
| Scheduling | By default, Renovate runs as often as it is allowed to, read Renovate scheduling to learn more | Yes: daily, weekly, monthly
|
| License | GNU Affero General Public License | MIT License |
| Programming language of project | TypeScript | Ruby |
| Project pulse | renovatebot/renovate monthly pulse |
dependabot-core monthly pulse |
| Contributor graph | renovatebot/renovate contributor graph |
dependabot-core contributor graph |
Hosted app
This section explains the key differences between the Mend Renovate app and the GitHub-native Dependabot.
Even if you're going to self-host a bot, read the hosted app section first, because many features and concepts are similar. Then read the self-hosted section.
Dependency Dashboard
One big feature of Renovate is the Dependency Dashboard, which is enabled by default. Read the Key concepts, Dependency Dashboard page to learn more.
Dependabot does not have a similar feature.
Grouped updates
Renovate comes with community-provided groupings of dependencies. So Renovate groups common dependencies into a single PR, out-of-the-box.
Dependabot can group dependencies into a single PR too, but you must set your own groups first.
Upgrades common monorepo packages at once
Renovate has a group:monorepos preset, that upgrades common monorepo packages in a single PR.
Dependabot does not update common monorepo packages in a single PR.
Supported platforms
Platform means the Git-hosting site or program, for example GitHub, GitLab or Azure.
Renovate works on multiple platforms, including GitHub. Read the list of Renovate platforms to learn more.
The official Dependabot program only works on GitHub.
If you're an advanced user, you may use the dependabot-core repository as a base to build your own Dependabot, which you can run on other platforms.
Supported languages
Show changelogs
| Feature | Renovate | Dependabot |
|---|---|---|
| Link to GitHub release | Yes, to specific release tag | Yes, to "releases landing page" |
| Link to GitHub's comparing changes UI | Yes | Yes |
| Release notes | Yes | Yes |
| Links to issues | Yes | Yes |
Upstream CHANGELOG file |
No | Yes |
| Recent commits | No | Yes |
| Link to individual commits | No | Yes |
Compatibility score badges
Renovate shows four Merge Confidence badges in its PRs:
- Age: The age of the package
- Adoption: The percentage of this package's users (within Renovate) which are using this release
- Passing: The percentage of updates which have passing tests for this package
- Confidence: The confidence level for this update
Read the Merge Confidence badges page to learn more.
Dependabot shows one compatibility score badge in its PRs. This score tells you how many other repositories have passing CI tests for the proposed update. Read the GitHub Docs, Dependabot's compatibility scores to learn more about Dependabot's badge.
Built-in to GitHub vs app
Renovate needs app installation or self-hosting.
Dependabot is built-in to GitHub.
Scheduling
You can set a schedule for Renovate, per dependency, manager, or even a global schedule. Read Renovate scheduling to learn more.
Dependabot has four options that apply at a language level:
License
Renovate uses the GNU Affero General Public License.
Dependabot uses the MIT License.
Neither license is relevant to the end user though if consuming through an App/SaaS.
Programming language of project
Renovate uses TypeScript.
dependabot-core uses Ruby.
Self-hosting a bot
This section explains how to self-host each bot.
Self-hosting Renovate
You can self-host Renovate on all officially supported platforms.
If you decide to self-host Renovate, read the items from the Self-hosting Renovate reading list.
Available Renovate distributions:
- npm package (CLI)
- Docker images
- GitHub Action
- GitLab Runner
- Mend Renovate On-Premises
- Mend Remediate (commercial offering)
- Forking Renovate app
Self-hosting Dependabot
You can self-host Dependabot on other platforms than GitHub but none are officially supported.
As a GitHub Actions workflow on GitHub
You can run Dependabot as a GitHub Actions workflow on hosted and self-hosted runners. Learn more by reading the:
- GitHub Blog, Dependabot on GitHub Actions and self-hosted runners is now generally available
- GitHub Docs, About Dependabot on GitHub Actions runners
dependabot-core
If you want to customize Dependabot, or self-host on another platform, you can use dependabot-core.
Quote from the dependabot-core readme:
It [
dependabot-core] currently supports opening Pull Requests against repositories hosted on GitHub, Github Enterprise, Azure DevOps, GitLab, BitBucket, and AWS CodeCommit.
dependabot-script
The Dependabot team has a community-maintained collection of scripts to start self-hosting Dependabot: dependabot-script but the repository has included a message warning that the scripts are broken since March 2023.
dependabot-gitlab/dependabot
There's also a community-maintained Dependabot for GitLab: dependabot-gitlab/dependabot.