Automated Security and Dependency Updates

deppbot ensures that your Ruby applications are kept updated, always!

Based on your configured schedule, deppbot will run bundle update on your Ruby app and send the result as a Pull Request to GitHub.
deppbot will also check your app periodically for any RubyGem vulnerabilities and fix them automagically.


Do, Don't Tell

Your time is precious. deppbot doesn't just tell you that your app is insecure or outdated.
deppbot does the update for you with Pull Requests that are easy to review and ready to be merged.


Why Update Your Apps Frequently?

You're not taking advantage of daily improvements made to gems included in your app, and your app is prone to security risks and bugs when it's not being updated frequently.

"Can't I update my app only when things break?" - Yes, you surely can! However, the update could be massive and even result in regressions because you haven't updated the app in a while. Ouch!

Hence, it's just better to keep your apps updated, always.

Need more reasons? Read the blog post now.

How It Works

Sign in with your GitHub login, and subscribe your repos.

deppbot will run bundle update daily and issue a Pull Request to GitHub. It's even better if you have CI (Travis, etc.) hooked up to GitHub, as the CI will run against deppbot's Pull Request and allow you to review whether any of the RubyGem updates is going to break your app.

Merge the Pull Request if all's good. It's that simple.

View an example of a deppbot Pull Request on Ruby Bench.

More Than Just Bundle Update

  • Configure Base Branch

    The base branch for the Pull Requests issued can be configured to suit your Git strategy, so you can easily merge the updates to the master branch or a custom branch like development.

  • Descriptive Pull Request

    Every Pull Request lists all the RubyGems that have been added, removed or updated in Gemfile.lock, and includes links to compare the differences between the old and updated versions of each updated RubyGem.

  • Linking to Changelog

    Every updated dependency in the Pull Request links to its changelog (if it has one), so that you know precisely what notable changes have been made between each version of the project.

What our users are saying…

  • nateberkopec

    Neat! A bot that opens a PR any time you need a bundle update:

  • brittjmartin

    deppbot -- automated bundle update. Really genius via @changelog

  • andycroll

    deppbot means I stay on top of my ‘gem updates’ and ensures I take my ‘medicine’ vs. having a dependency nightmare every few months.


Contact Us

Do you have feedback about deppbot or a question that the FAQ doesn't address?

Do you use BitBucket or GitLab and wish deppbot supported these services?

Please tell us about it. We'd love to hear from you!