Dependabot is a GitHub service that automates dependency updates in software projects by creating pull requests when new versions of dependencies are available, helping developers keep their projects secure and up-to-date.
Open source contribution manager — tracks PRs across repos, discovers contributable issues, diagnoses CI failures, and drafts maintainer responses. 21 MCP tools, 5 resources, 3 prompts. Ships
as CLI, MCP server, and Claude Code plugin.
Last updated
20
9
MIT
Why this server?
Used for proactive dependency updates as part of the enterprise-grade quality measures, including OpenSSF Scorecard monitoring and Dependabot updates.
A local-first MCP server that provides AI agents with safe codebase access through file discovery, hybrid lexical-semantic search, and project introspection. It features durable local memory and semantic indexing while keeping all data and processing entirely on your local machine.
Last updated
74
44
5
MIT
Why this server?
Allows listing Dependabot alerts with severity-grouped counts.
Self-hosted GitHub MCP server for PR, repo file, and Dependabot operations, supporting multiple MCP clients with personal access token auth.
Last updated
7
MIT
Why this server?
Analyzes Dependabot pull requests to provide human-readable upgrade plans with risk assessment, breaking changes, security fixes, and migration guidance
Translates a lockfile diff into a human-readable upgrade plan. For every dependency bump (npm or PyPI) returns semver class, breaking changes from GitHub release notes, CVEs fixed in the range, migration guide links, and a clear per-package recommendation. Bulk tool ranks up to 50 package changes in parallel by risk (security > caution > review > likely-safe > safe).
Last updated
2
85
2
MIT
Why this server?
Surfaces security alerts and CVE warnings by integrating with Dependabot and the GitHub Advisory Database.
Provides crowdsourced package intelligence and security alerts for AI coding assistants by analyzing project dependencies and framework co-occurrence. It enables automated project scans, package alternative discovery, and data-driven recommendations across multiple programming ecosystems.
Last updated
10
605
MIT
Why this server?
Enables querying of Dependabot alerts for GitHub repositories, providing visibility into dependency vulnerabilities
This server integrates with GitHub Advanced Security to load security alerts and bring it into your context. Supports Dependabot Security Alerts, Secret Scanning Alerts, Code Security Alerts
Last updated
3
5
5
MIT
Why this server?
Dependabot is used for automatic security updates of dependencies.
Provides access to 5,000+ Key Performance Indicators across 264 operating areas for all Swedish municipalities and regions, enabling statistical analysis, comparisons, and trend tracking of Swedish public sector data.
Last updated
21
23
12
MIT
Why this server?
Integrates with Dependabot for automated dependency updates
Facilitates unified execution and result parsing for various testing frameworks, including Bats, Pytest, Flutter, Jest, and Go, through a Model Context Protocol interface.
Last updated
1
16
MIT
Why this server?
Scans repository dependencies for security updates using Dependabot CLI, identifying vulnerable packages from ecosystem security advisories.
AI-powered security code review for Claude Code that runs multiple scanners (CodeQL, Semgrep, etc.) to detect vulnerabilities, secrets, and dependency CVEs, producing prioritized reports.