Dep Update Tool Configured + Renovate Collector
Enforce Dep Update Tool Configured using data collected by Renovate Collector. Automatically check security and compliance standards on every PR.
How Renovate Collector Powers This Guardrail
The Renovate Collector gathers metadata from your security systems. This data flows into Lunar's Component JSON, where the Dep Update Tool Configured guardrail evaluates it against your standards.
When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement with actionable feedback.
Quick Start Configuration
Add both the collector and policy to your lunar-config.yml to enable this guardrail.
# Step 1: Enable the Renovate Collector
collectors:
  - uses: github://earthly/lunar-lib/collectors/renovate@v1.0.5
    # with: ...

# Step 2: Enable the Dependency Automation Guardrails
policies:
  - uses: github://earthly/lunar-lib/policies/dep-automation@v1.0.5
    include: [dep-update-tool-configured]
    # with: ...
What Renovate Collector Collects
This collector gathers the following data that the Dep Update Tool Configured guardrail evaluates.
config
Scans the repository for Renovate configuration in standard locations: renovate.json, .renovaterc, .renovaterc.json, or the "renovate" key in package.json. Writes the full parsed config verbatim to .dep_automation.native.renovate and extracts a normalized summary (extends, enabled managers) to .dep_automation.renovate for policies.
Example Data Flow
Here's an example of the data that Renovate Collector writes to the Component JSON, which Dep Update Tool Configured then evaluates.
{
  "dep_automation": {
    "renovate": {
      "valid": true,
      "path": "renovate.json",
      "extends": ["config:base", "group:recommended"],
      "all_managers_enabled": true,
      "enabled_managers": []
    },
    "native": {
      "renovate": {
        "extends": ["config:base", "group:recommended"],
        "packageRules": [
          {"matchUpdateTypes": ["minor", "patch"], "automerge": true},
          {"matchPackagePatterns": ["^@types/"], "groupName": "type definitions"},
          {"matchDepTypes": ["devDependencies"], "rangeStrategy": "pin"}
        ],
        "schedule": ["before 9am on monday"],
        "labels": ["dependencies"]
      }
    }
  }
}
Configuration Options
Renovate Collector Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| paths | Optional | renovate.json,renovate.json5,.github/renovate.json,.github/renovate.json5,.gitlab/renovate.json,.gitlab/renovate.json5,.renovaterc,.renovaterc.json,.renovaterc.json5,package.json | Comma-separated list of Renovate config file paths to check (first match wins). Default covers every location Renovate itself reads, across GitHub/GitLab/Bitbucket/Azure DevOps and self-hosted installs — config location depends on SCM host, not CI environment. When the path is package.json, the collector extracts the top-level "renovate" key (and treats its absence as "not a renovate config" before moving on). |
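
The lookup described above (first match wins, with package.json counted only when it has a top-level "renovate" key) can be reproduced locally to see which file the guardrail will end up evaluating. The sketch below is an added example, not Lunar's collector code; the function names, the strict-JSON-only parsing, the `valid: false` result for an unparseable file, and the mapping of the manager fields to Renovate's `enabledManagers` option are assumptions.

```python
import json
from pathlib import Path

# Default search order, copied from the collector's `paths` input above.
DEFAULT_PATHS = (
    "renovate.json,renovate.json5,.github/renovate.json,.github/renovate.json5,"
    ".gitlab/renovate.json,.gitlab/renovate.json5,.renovaterc,.renovaterc.json,"
    ".renovaterc.json5,package.json"
)


def find_renovate_config(repo_root, paths=DEFAULT_PATHS):
    """Return (relative_path, parsed_config) for the first match, else (None, None).

    parsed_config is None when the file exists but is not strict JSON
    (assumption: real .json5 content would need a JSON5 parser instead)."""
    for rel in (p.strip() for p in paths.split(",")):
        candidate = Path(repo_root) / rel
        if not candidate.is_file():
            continue
        try:
            data = json.loads(candidate.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, UnicodeDecodeError):
            return rel, None
        if Path(rel).name == "package.json":
            # Only the top-level "renovate" key counts; without it, keep looking.
            if not isinstance(data, dict) or "renovate" not in data:
                continue
            data = data["renovate"]
        return rel, data
    return None, None


def summarize(repo_root, paths=DEFAULT_PATHS):
    """Build a summary shaped like .dep_automation.renovate (None if no config)."""
    rel, config = find_renovate_config(repo_root, paths)
    if rel is None:
        return None
    if not isinstance(config, dict):
        return {"valid": False, "path": rel}
    # Assumption: the manager fields mirror Renovate's `enabledManagers` option.
    managers = config.get("enabledManagers") or []
    return {
        "valid": True,
        "path": rel,
        "extends": config.get("extends", []),
        "all_managers_enabled": not managers,
        "enabled_managers": managers,
    }
```

A stale or broken file earlier in the search order shadows a correct one later in it, so the reported `path` is worth checking along with `valid`.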
Dependency Automation Guardrails Inputs
| Input | Required | Default | Description |
|---|---|---|---|