Dependabot already updates your public dependencies, such as open source dependencies from a public GitHub repository, npm, Maven Central, or similar. Now, you can also update dependencies from private GitHub repositories. This feature is available for most package managers supported by Dependabot version updates, except bundler, hex, and pip.

To get started, grant Dependabot access to some or all of your private repositories on your organization's security & analysis settings page:

Learn more about Dependabot version updates