Analyzed
9 days
ago.
based on code collected
9 days
ago.
Project Summary
Dependabot Core is a collection of packages for automating dependency updating in Ruby, JavaScript, Python, PHP, Elixir, Elm, Go, Rust, Java and .NET. It can also update git submodules, Docker files, and Terraform files.
🤖 Dependabot's update PR creation logic. Feedback: https://github.com/orgs/community/discussions/categories/code-security
In a Nutshell, dependabot-core...
- ...
- ...
-
...
has a well established, mature codebase
maintained by a very large development team
with increasing Y-O-Y commits -
...
took an estimated 124 years of effort (COCOMO model)
starting with its first commit in October, 2015
ending with its most recent commit 10 days ago
Quick Reference
https://github.com/dependabot/de...
Project Security
Vulnerabilities per Version ( last 10 releases )
Project Vulnerability Report
Security Confidence Index
Poor security track-record
Favorable security track-record
Vulnerability Exposure Index
Many reported vulnerabilities
Few reported vulnerabilities
Did You Know...
-
...
55% of companies leverage OSS for production infrastructure
-
...
by exploring contributors within projects, you can view details on every commit they have made to that project
-
...
use of OSS increased in 65% of companies in 2016
-
...
learn about Open Hub updates and features on the Open Hub blog
30 Day SummaryFeb 23 2026 — Mar 25 2026
|
12 Month SummaryMar 25 2025 — Mar 25 2026
|
