Getting Started

Paklo brings automated dependency updates to Azure DevOps repositories using Dependabot. Choose the deployment method that best fits your needs:

Deployment Options

Azure DevOps Extension

Run Dependabot in your Azure Pipelines with full control over scheduling and configuration.

Best for: Teams who want to manage updates in their existing pipeline infrastructure.

Learn more →

CLI

Run Dependabot locally or in any CI/CD environment with Docker support.

Best for: Local testing, custom automation, or non-Azure DevOps CI/CD systems.

Learn more →

Hosted Service

Fully managed Dependabot updates without infrastructure management.

Best for: Teams who want automatic updates without pipeline configuration or maintenance.

Learn more →

Quick Start: Azure DevOps Extension

1. Install the Dependabot extension from the Visual Studio Marketplace.

2. Create a dependabot.yml file at .github/dependabot.yml or .azuredevops/dependabot.yml:

   version: 2
   updates:
     - package-ecosystem: "npm"
       directory: "/"
       schedule:
         interval: "weekly"

3. Create a pipeline with the dependabot@2 task:

   trigger: none # Disable CI trigger
   
   schedules:
     - cron: '0 0 * * 0' # Weekly on Sunday at midnight UTC
       always: true
       branches:
         include:
           - main
       batch: true
       displayName: Weekly Dependabot
   
   pool:
     vmImage: 'ubuntu-latest' # Requires macOS or Ubuntu (Windows not supported)
   
   steps:
     - task: dependabot@2
       inputs:
         mergeStrategy: 'squash'

The task accepts many inputs such as dryRun, setAutoComplete, and mergeStrategy. See Azure DevOps Extension for the full list.

Configuration

All deployment methods use the same dependabot.yml configuration format. See Configuration for complete documentation.

Next Steps

• Configuration - Complete dependabot.yml reference
• Private Registries - Configure private package feeds
• Security Advisories - Security-only updates
• Troubleshooting - Common issues and solutions