I'm on Open Source Security: Updating open source dependencies (1 mins read).

Announcing my appearance as a guest on the Open Source Security podcast, talking about Renovate and dependency updates more generally.
Dependabot vs. Renovate: Dependency Update Tools

We should all be using dependency cooldowns https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns #security #oss

My first blog post on the #Mend blog is naturally all about #Renovate: Building a more secure npm ecosystem with Mend Renovate
This has been something we've been building up to for ~2 months of hard work making it as predictable as possible, highly documented and builds on top of ~6 years of Renovate having this functionality
Building a more secure npm ecosystem with Mend Renovate (5 mins read).

Discover how Mend Renovate 42 is strengthening npm ecosystem security with "minimum release age" enforcement and best-practice defaults.
We were very excited to see last week we hit 20,000(!) GitHub Stars on the #Renovate project 🚀 Thanks to our amazing community + users 🤗
Finding missing releaseTimestamps in Renovate (3 mins read).

How to query your Renovate debug logs (or renovate-graph exports) for missing release timestamps.
Adding type hints to Renovate config.js files (1 mins read).

How to add JSDoc type hints to a config.js Renovate global self-hosting configuration file.
Announcing improvements on communicating large changes to Mend #Renovate (CLI/Cloud): https://github.com/renovatebot/renovate/discussions/38462
How our team introduced GenAI into CI pipelines to create self-correcting pull requests, automizing the update of hundreds of dependencies in large monorepos

I'm joining Mend to work on Renovate full-time (7 mins read).

Announcing my move to new job, working on Renovate (CLI and Enterprise) full-time, and looking back at my time at Elastic.
Additional lessons learned running Renovate at scale (14 mins read).

Some of the things I've learned about monitoring the usage of Renovate 'at scale' of hundreds of repositories.
A few tips for optimising Renovate for multi-team monorepos (10 mins read).

Some tips for making Renovate work even better when working on a large multi-team monorepo, where each team has different requirements for their Renovate usage.
Accessing your Renovate Dependency Dashboard, without GitHub/GitLab Issues enabled (3 mins read).

Releasing a proof-of-concept to render Dependency Dashboards for repositories that don't have issues enabled, as long as you have a Renovate Report.
Generating a Renovate Report from someone else's repo (1 mins read).

How to get a Renovate Report - with full metadata - from any arbitrary repository.
What's the difference between Renovate's depName and packageName? (3 mins read).

What the differences are, and where you may want to use one or the other.
Improving the experience of browsing Renovate debug logs (4 mins read).

Creating a Terminal User Interface (TUI) application to improve the debugging experience with Renovate's debug logs.
Overriding a Gradle project property which has . and _ characters, without modifying the buildscript (4 mins read).

How to use GRADLE_OPTS to safely override a Gradle property (with special characters in its name) without modifying the buildscript.
Ever wished that Renovate increased that Chart version number in your Helm chart if the appVersion changes? Or maybe you wanted to bump the version number even though a dependency changed, which is not a direct dependency? Well, it can now!
Getting Renovate to provide a changelog for digest updates to packages (on GitHub.com) (2 mins read).

How to use the new templated changelogUrl functionality to provide more actionable changelogs for digest updates to i.e. GitHub Actions and other digest-pinned dependencies (in this example, on GitHub.com).
Automagically migrating golangci-lint configuration to v2 with Renovate (2 mins read).

How to get Renovate PRs that update both the version of golangci-lint to v2, and runs the golangci-lint migrate command for you.
Updating apk add definitions in Dockerfiles (3 mins read).

How to use Renovate's Custom Regex manager to extract apk add definitions in a Dockerfile, to allow managing (un)pinned packages.
Creating a test harness for validating Renovate Custom Datasource configuration (4 mins read).

How to set up a test harness to make it easier to modify scary looking JSONata transformations in your Renovate configuration.
APK custom datasource HTTP server for renovate. Contribute to hown3d/renovate-apk-indexer development by creating an account on GitHub.
You can now resolve remote presets when using Renovate's local platform in renovate-graph (2 mins read).

Announcing a new release of renovate-graph, which can now follow github> and local> presets.
Creating renovate-packagedata-diff to diff Renovate package data dumps (3 mins read).

Announcing the release of renovate-packagedata-diff which makes it possible to provide a semantic diff between different Renovate package data dumps.
Creating a private mirror of the Renovate docs (5 mins read).

How to set up a copy of Renovate's documentation, pinned to an older version, for your organisation.
Summarising the skipReasons for Renovate data exports (2 mins read).

How to work out what skipReasons you have for your Renovate package data.
We're moving away from it and I'm not sure why it started to suck.

APK custom datasource HTTP server for renovate. Contribute to hown3d/renovate-apk-indexer development by creating an account on GitHub.
Utilising Renovate's local platform to test more easily (4 mins read).

How to use Renovate's local platform for validating configuration changes more easily.
You can now parse repo-level Renovate configuration with renovate-graph (2 mins read).

Announcing a new release of renovate-graph which now parses repo-level Renovate configuration.
Migrating Renovate bots, while keeping existing PRs updated (2 mins read).

How to migrate between two Renovate bot accounts, in the case you want to do a 'big bang rollout'.
Creating a test harness for validating Renovate regex manager rules (4 mins read).

How to set up a test harness to make it easier to modify scary looking regexes in your Renovate configuration.
Lessons learned self-hosting Renovate (13 mins read).

What I've learned operating Renovate as a self-hosted app on GitHub Actions, GitLab CI, and the Mend Renovate Community Edition, and some tips for getting started
Querying your organisation's Renovate configuration using SQL(ite) (3 mins read).

A new tool, renovate-config-sqlite to pull Renovate configuration into an SQLite database.
Recently, we wanted to know which of our repos had Renovate installed, which is a use case several folks have now shared with us! This post showcases some of the queries we put together around our use of Renovate.

Why I recommend Renovate over any other dependency update tools (10 mins read).

Explaining why Renovate is going to be my solution to keeping up-to-date with dependencies and it's not likely to change any time soon.
Using renovate-to-sbom with the GitHub Dependency Submission API (4 mins read).

How to improve the data in GitHub's Dependency Graph by using an SBOM produced by Renovate data.
Introducing renovate-to-sbom to convert Renovate data to Software Bill of Materials (SBOMs) (1 mins read).

Creating a new command-line tool for converting Renovate data exports to Software Bill of Materials (SBOMs).
Renovate documentation.
We've been using Renovate for quite a while now (switching from Dependabot), which scans our GitHub repositories and opens Pull…

Utilising Renovate's local platform to make renovate-graph more efficient (2 mins read).

How using the local platform with renovate-graph can increase the performance of dependency extraction.
With the release + rebrand of Mend Renovate Community Edition (previously known as Renovate On Prem), I've updated my post on running it on Fly.io to take into account the new config + naming
Setting up Mend Renovate Community Edition for GitLab.com on Fly.io (2 mins read).

How to set up Mend Renovate Community Edition on Fly.io, when integrating with GitLab.com.
Managing Buildkite Agent Images with Renovate (1 mins read).

How to use Renovate to manage Buildkite Agent Images.
Validating Renovate configuration changes before merging (2 mins read).

How to perform a dry run to validate your Renovate config before it's merged.