Organization administrators can now centrally configure private registries for Dependabot at the organization level, streamlining dependency management across all repositories.

What’s new

Previously, organizations had to individually configure private registry credentials in each repository’s dependabot.yml file, which was a time-consuming process for organizations with many repositories. With this release, organization administrators with GitHub Advanced Security (Code Security) can now centrally manage private registry access through the same interface used for code scanning private registry configuration.

How it works

Organization-level configurations serve as defaults while preserving flexibility for repository-specific needs. If a repository has private registry access configured in its dependabot.yml file, Dependabot will attempt to use those repository-level credentials first. If that fails or no repository-level configuration exists, Dependabot will fall back to the organization-level settings.

Key benefits

Simplified management at scale
Configure credentials once at the organization level instead of repeating setup across dozens or hundreds of repositories.

Reduced maintenance overhead
Update registry credentials in one location rather than tracking down and updating individual repository configurations.

Comprehensive ecosystem support
Works with most registries across all supported Dependabot ecosystems. See our documentation for the complete list.

Requirements

This feature is available to all public repositories. Private repository support is available to GitHub Advanced Security customers as part of the Code Security SKU.

Repository-level private registry configuration through dependabot.yml remains available to all users and does not require GitHub Advanced Security.

Get started

Ready to simplify your dependency management? Check out our configuration guide to set up organization-level private registries for Dependabot.

Have questions or feedback? Join the conversation in GitHub Community discussions or learn more about GitHub Advanced Security.