
Dep Update Tool Configured + Dependabot Collector

Tags: Guardrail | Collector | Beta | Security and Compliance

Enforce Dep Update Tool Configured using data collected by Dependabot Collector. Automatically check security and compliance standards on every PR.

Guardrail: Requires at least one dependency update tool (Dependabot or Renovate) to be configured in the repository. Fails if neither tool's config file is found.
Data Source: Parses .github/dependabot.yml to collect dependency update configuration including covered ecosystems, update schedules, and directory targets. Enables enforcement of dependency automation standards.

How Dependabot Collector Powers This Guardrail

The Dependabot Collector gathers metadata from your security systems. This data flows into Lunar's Component JSON, where the Dep Update Tool Configured guardrail evaluates it against your standards.

When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement with actionable feedback.

1. Dependabot Collector gathers data: extracts metadata from code, configs, and tool outputs.
2. Component JSON: data is centralized in a structured format for evaluation.
3. Dep Update Tool Configured checks it: pass/fail result with actionable feedback in PRs.

Quick Start Configuration

Add both the collector and policy to your lunar-config.yml to enable this guardrail.

lunar-config.yml:
# Step 1: Enable the Dependabot Collector
collectors:
  - uses: github://earthly/lunar-lib/collectors/dependabot@v1.0.5
    # with: ...

# Step 2: Enable the Dependency Automation Guardrails
policies:
  - uses: github://earthly/lunar-lib/policies/dep-automation@v1.0.5
    include: [dep-update-tool-configured]
    # with: ...

What Dependabot Collector Collects

This collector gathers the following data that the Dep Update Tool Configured guardrail evaluates.

config: Scans the repository for a Dependabot configuration file at .github/dependabot.yml (or the .yaml variant). Parses the YAML to extract the schema version, update entries (ecosystem, directory, schedule), and a normalized list of covered ecosystems. Writes structured data to .dep_automation.dependabot.

Example Data Flow

Here's an example of the data that Dependabot Collector writes to the Component JSON, which Dep Update Tool Configured then evaluates.

component.json (from Dependabot Collector):
{
  "dep_automation": {
    "dependabot": {
      "valid": true,
      "path": ".github/dependabot.yml",
      "version": 2,
      "updates": [
        {
          "package_ecosystem": "npm",
          "directory": "/",
          "schedule": "weekly",
          "open_pull_requests_limit": 5
        },
        {
          "package_ecosystem": "docker",
          "directory": "/",
          "schedule": "weekly",
          "open_pull_requests_limit": 5
        },
        {
          "package_ecosystem": "github-actions",
          "directory": "/",
          "schedule": "weekly",
          "open_pull_requests_limit": 5
        }
      ],
      "ecosystems": ["docker", "github-actions", "npm"],
      "update_count": 3
    }
  }
}
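As an added example (not Lunar's collector or policy code), the Ruby script below parses a constructed dependabot.yml into the component.json shape shown above and applies the guardrail's pass/fail rule. It assumes a dependabot.yml as a string, a caller-supplied flag for whether a Renovate config exists, and Dependabot's documented default of 5 open pull requests; the field mapping is modelled on the example, not taken from Lunar.

```ruby
require "yaml"
require "json"

# Constructed sample .github/dependabot.yml (not from a real repository).
SAMPLE_DEPENDABOT_YML = <<~YAML
  version: 2
  updates:
    - package-ecosystem: "npm"
      directory: "/"
      schedule:
        interval: "weekly"
      open-pull-requests-limit: 5
    - package-ecosystem: "docker"
      directory: "/"
      schedule:
        interval: "weekly"
    - package-ecosystem: "github-actions"
      directory: "/"
      schedule:
        interval: "weekly"
YAML

# Build the .dep_automation.dependabot object: version, normalized updates,
# sorted unique ecosystems and update_count (field set is an assumption).
def collect_dependabot(yaml_text, path)
  doc = YAML.safe_load(yaml_text)
  return { "valid" => false, "path" => path } unless doc.is_a?(Hash) && doc["updates"].is_a?(Array)
  updates = doc["updates"].map do |u|
    {
      "package_ecosystem" => u["package-ecosystem"],
      "directory" => u["directory"] || "/",
      "schedule" => u.dig("schedule", "interval"),
      "open_pull_requests_limit" => u.fetch("open-pull-requests-limit", 5) # Dependabot default
    }
  end
  { "valid" => true, "path" => path, "version" => doc["version"], "updates" => updates,
    "ecosystems" => updates.map { |u| u["package_ecosystem"] }.compact.uniq.sort,
    "update_count" => updates.size }
rescue Psych::SyntaxError
  { "valid" => false, "path" => path } # malformed YAML counts as "not configured"
end

# Guardrail rule from the page: pass when Dependabot config is valid or a
# Renovate config is present; fail when neither is found.
def dep_update_tool_configured?(component, renovate_present: false)
  component.dig("dep_automation", "dependabot", "valid") == true || renovate_present
end

if __FILE__ == $0
  component = { "dep_automation" => { "dependabot" => collect_dependabot(SAMPLE_DEPENDABOT_YML, ".github/dependabot.yml") } }
  puts JSON.pretty_generate(component)
  puts "guardrail: #{dep_update_tool_configured?(component) ? "PASS" : "FAIL"}"
end
```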

Configuration Options

Dependabot Collector Inputs

Input: paths
Required: Optional
Default: .github/dependabot.yml,.github/dependabot.yaml
Description: Comma-separated list of Dependabot config file paths to check (first match wins)

Dependency Automation Guardrails Inputs

No inputs are listed for this guardrail.
