Skip to content

GitHub App


GitHub App



Automated Dependency Updates

WhiteSource Renovate keeps source code dependencies up-to-date using automated Pull Requests. It will scan repositories for dependencies inside files such as package.json (npm/yarn), go.mod (Golang), Dockerfile/docker-compose.yml (Docker), requirements.txt (Python/PIP), composer.json (PHP), .travis.yml (Travis) and WORKSPACE (Bazel) files, and submit Pull Requests with updated versions whenever they are found.

This WhiteSource Renovate App is free to install for both public and private repositories. Service is provided complimentary of WhiteSource and no paid plan is required.

Intelligent, helpful onboarding


Install WhiteSource Renovate risk-free and you'll first receive an onboarding Pull Request. It analyzes your repository and tells you what will happen next, so there's no surprises.

Unopinionated, highly flexible configuration

  "rangeStrategy": "pin",
  "ignorePaths": ["examples/**"],
  "packageRules": [{
    "packagePatterns": ["^angular.*"],
    "groupName": "angular",
    "automerge": true

Modify any of WhiteSource Renovate's smart defaults with custom overrides at the repository, package file, dependency type, and package levels.

Support for monorepo directory structures


WhiteSource Renovate will scan all files in each repository to look for relevant package files. It will also group upgrades from the same monorepo into a single PR to ensure tests pass and PR noise is reduced. Natively supports Lerna and Yarn Workspaces with zero configuration necessary.

Automatic lock file and checksum support

lock file support

WhiteSource Renovate will generate updated lock files such as package-lock.json or yarn.lock if you're already using them. It will also automatically resolve any conflicts after merges.

Ease the noise with custom schedules

  "timezone": "America/New_York",
  "schedule": "before 5am every weekday",
  "lockFileMaintenance": {
    "enabled": true,
    "schedule": "after 10pm on sunday"
  "packageRules": [{
    "packageNames": ["aws-sdk"],
    "schedule": "before 5am every wednesday"

Throttle updates however you want with schedules, configurable right down to the per-package level.

Rules-based automerging


Merge some updates without human intervention if they pass tests and satisfy your automerge rules.


Renovate is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.

Report abuse
You can’t perform that action at this time.