
Hopefully straightforward but strangely haven't been able to find the answer through a search. We are looking at setting up Dependabot through GitHub to update dependencies for us. We use C# primarily & have libs in both NuGet & our own instance of ProGet. I can set the ecosystem to nuget, but what would I need to do to get it to use our ProGet instance?

Is this the private package registries I have read about & I need to set up the config to use ProGet in a private section? Or can I use nuget & the correct registry will be picked up from the project?

onesixtyfourth

1 Answer


You need to configure your private feed in your /.github/dependabot.yml:

```yaml
# ...

registries:
  nuget-example:
    type: nuget-feed
    url: https://nuget.example.com/v3/index.json
    username: octocat@example.com
    password: ${{secrets.MY_NUGET_PASSWORD}}

# ...
```

And if your feed needs a password or token, set that up in the dependabot secret section as well.

Add a dependabot secret

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#configuration-options-for-private-registries

jessehouwing
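A complete `.github/dependabot.yml` for the setup discussed above, showing the registry definition tied to a NuGet update entry. This is an added example, not part of the original answer; the ProGet host, feed name, account name, secret name and schedule are placeholders to replace with your own values.

```yaml
# Added example: host, feed name, account and secret name are placeholders.
version: 2

registries:
  proget-internal:                      # hypothetical registry name
    type: nuget-feed
    # Placeholder URL: use the v3 index URL of your own ProGet feed.
    url: https://proget.example.com/nuget/internal/v3/index.json
    username: dependabot-reader         # placeholder read-only account
    # Resolved from a Dependabot secret, so the credential is never
    # committed to the repository.
    password: ${{secrets.PROGET_PASSWORD}}

updates:
  - package-ecosystem: nuget
    directory: "/"                      # location of the project files
    schedule:
      interval: weekly
    # The registry must be listed here for this update entry to use it.
    registries:
      - proget-internal
```

Give the feed account read-only access, since Dependabot only needs to restore and query packages.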