deppbot provides a default set of configurations for each repository.

You can customize any configuration in .deppbot.yml or on

deppbot uses ..deppbot.yml file in the root of your repository to know how you want to configure your repositories.

.deppbot.yml can be empty or very minimalistic or have every configuration in it.

Configurations in .deppbot.yml ONLY

Enable / disable Security Updates

To enable Security Updates:

  security_updates: true

To disable Security Updates:

  security_updates: false

Defaults to true.

Enable / disable Bundle Updates

To enable Bundle Updates:

  bundle_updates: true

To disable Bundle Updates:

  bundle_updates: false

Defaults to true.

Ignore Gems to be upgraded in Security Updates

During Automated Security Update, we will unlock your gem dependencies in Gemfile, patch your Gemfile and fix your security vulnerabilities.

If you are unable to upgrade certain gem(s) due to special reasons, you can specify the gems that deppbot should ignore:

    - stripe
    - twitter-bootstrap-rails

As for Bundle Updates, we respect your constraints. We encourage you to use one of these constraints: ~>, >=, <=, =, !=, >, <.


Base Branch

Is your team using the Git-Flow workflow which merges all feature branches into the develop branch instead of the master branch?

You can modify the Base Branch via 'Edit Settings' on each subscribed repository in

You can also change this configuration in .deppbot.yml:

  base_branch: develop

Defaults to master.

Update Frequency

Do you prefer daily updates or weekly updates?

You can modify the Update Frequency via 'Edit Settings' on each subscribed repository in

You can also change this configuration in .deppbot.yml:

  frequency: 3

Defaults to 1. Supported values: 1, 3, 5, 7, 14.

Private RubyGems on Bitbucket

Do you have private RubyGems hosted on Bitbucket listed in your Gemfile:

gem "your_private_gem", bitbucket: "your_org/your_private_gem"

Please add deppbot as a collaborator on, to allow deppbot to clone the private Rubygem while doing bundle update.

To add deppbot as a collaborator:

  1. Go to
  2. Settings > Access Management > Users
  3. Add deppbot with READ access.

For more information, please read the documentation from Bitbucket.