What is deppbot?
deppbot is an automated service designed to keep Ruby applications updated and secure. It runs bundle update based on a configured schedule and sends the results as Pull Requests directly to GitHub. This ensures that applications benefit from daily improvements to included gems while minimizing security risks and bugs associated with outdated dependencies.
The tool goes beyond simple notifications by actively performing updates and creating easy-to-review Pull Requests. It also periodically checks for RubyGem vulnerabilities and fixes them automatically. Users can configure the base branch for Pull Requests to align with their Git strategy, and each Pull Request includes detailed information about updated RubyGems with links to changelogs for transparency.
Features
- Automated Bundle Updates: Runs bundle update on configured schedules and creates GitHub Pull Requests
- Vulnerability Scanning: Periodically checks Ruby applications for RubyGem vulnerabilities and fixes them automatically
- Configurable Base Branch: Allows customization of the base branch for Pull Requests to match Git workflow strategies
- Detailed Pull Requests: Includes comprehensive lists of added, removed, or updated RubyGems with version comparison links
- Changelog Integration: Provides links to dependency changelogs for each updated gem to facilitate review processes
Use Cases
- Automating dependency updates for Ruby on Rails applications
- Maintaining security compliance through regular vulnerability scanning
- Reducing manual maintenance time for development teams
- Ensuring applications stay current with latest gem improvements
- Streamlining code review processes with detailed update information
FAQs
-
What happens if a gem update breaks my application?
deppbot integrates with existing CI systems, allowing tests to run against the Pull Request before merging, helping identify potential breakages. -
Can I configure how often updates run?
Yes, deppbot allows configuration of update schedules to match your development workflow requirements. -
Does deppbot support private repositories?
Yes, paid plans include support for private repositories with different tiers offering 1, 3, or 10 private repositories. -
What version control systems does deppbot support?
Currently deppbot supports GitHub, with plans to potentially expand to BitBucket and GitLab based on user feedback.
Related Queries
Helpful for people in the following professions
deppbot Uptime Monitor
Average Uptime
100%
Average Response Time
393.42 ms
