diff --git a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md index f2193a8067..8077c9becf 100644 --- a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md +++ b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md @@ -374,6 +374,9 @@ Package manager | YAML value | Supported versions | | Dev containers | `devcontainers` | Not applicable | | {% endif %} | | Docker | `docker` | v1 | +| {% ifversion dependabot-docker-compose-support %} | +| Docker Compose | `docker-compose` | v2, v3 | +| {% endif %} | | {% ifversion dependabot-dotnet-sdk %} | | .NET SDK | `dotnet-sdk` | >=.NET Core 3.1 | | {% endif %} | diff --git a/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md b/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md index 15ddd0c932..e13c2babd0 100644 --- a/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md +++ b/content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md @@ -32,7 +32,8 @@ You'll find detailed guidance for the setup of the following package managers: * [Bun](#bun){% endif %} * [Bundler](#bundler){% ifversion dependabot-updates-cargo-private-registry-support %} * [Cargo](#cargo){% endif %} -* [Docker](#docker) +* [Docker](#docker){% ifversion dependabot-docker-compose-support %} +* [Docker Compose](#docker-compose){% endif %} * [Gradle](#gradle) * [Maven](#maven) * [npm](#npm) @@ -162,6 +163,14 @@ registries: * Dockerfiles do not receive updates to images specified with the `ARG` directive. There is a workaround available for the `COPY` directive. For more information, see [{% data variables.product.prodname_dependabot %} ignores image references in COPY Dockerfile statement](https://github.com/dependabot/dependabot-core/issues/5103#issuecomment-1692420920) in the `dependabot/dependabot-core` repository. * {% data variables.product.prodname_dependabot %} doesn't support multi-stage Docker builds. For more information, see [Support for Docker multi-stage builds](https://github.com/dependabot/dependabot-core/issues/7640) in the `dependabot/dependabot-core` repository. +{% ifversion dependabot-docker-compose-support %} + +### Docker Compose + +Docker Compose adheres to the same configuration guidelines as Docker. For more information, see [Docker](#docker). + +{% endif %} + ### Gradle {% data variables.product.prodname_dependabot %} doesn't run Gradle but supports updates to certain Gradle files. For more information, see "Gradle" in [AUTOTITLE](/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories#gradle). diff --git a/data/features/dependabot-docker-compose-support.yml b/data/features/dependabot-docker-compose-support.yml new file mode 100644 index 0000000000..6cdc8986cb --- /dev/null +++ b/data/features/dependabot-docker-compose-support.yml @@ -0,0 +1,6 @@ +# Reference: #16913 +# Docker compose support for Dependabot +versions: + fpt: '*' + ghec: '*' + ghes: '> 3.16' diff --git a/data/reusables/dependabot/supported-package-managers.md b/data/reusables/dependabot/supported-package-managers.md index 5033dbafe1..2b3a7e88f2 100644 --- a/data/reusables/dependabot/supported-package-managers.md +++ b/data/reusables/dependabot/supported-package-managers.md @@ -10,6 +10,9 @@ Composer | `composer` | {% ifversion dependabot-updates-composerv1-c [Dev containers](#dev-containers) | `devcontainers` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | | {% endif %} | [Docker](#docker) | `docker` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | +| {% ifversion dependabot-docker-compose-support %} | +[Docker Compose](#docker-compose) | `docker-compose` | v2, v3 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable | +| {% endif %} | | {% ifversion dependabot-dotnet-sdk %} | .NET SDK | `dotnet-sdk` | >=.NET Core 3.1 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | Not applicable | Not applicable | Not applicable | | {% endif %} | @@ -75,6 +78,14 @@ In order for {% data variables.product.prodname_dependabot %} to fetch Docker me {% data variables.product.prodname_dependabot %} parses Docker image tags for Semantic Versioning ([SemVer](https://semver.org/)). If {% data variables.product.prodname_dependabot %} detects a tag with a pre-release, then it will only suggest an update to the latest version with a matching pre-release, and it will not suggest a newer version that use a different pre-release label. For more information, see the `dependabot-docker` [README.md](https://github.com/dependabot/dependabot-core/blob/main/docker/README.md) file in the `dependabot/dependabot-core` repository. +{% ifversion dependabot-docker-compose-support %} + +#### Docker Compose + +{% data variables.product.prodname_dependabot %} supports Docker Compose in a similar way to Docker. For more information, see [Docker](#docker). + +{% endif %} + #### {% data variables.product.prodname_actions %} {% data variables.product.prodname_dependabot %} supports version updates for {% data variables.product.prodname_actions %} with the following caveats.