From 46e3e82af0756f6b64dea0336511941036a2717f Mon Sep 17 00:00:00 2001
From: Rob Aiken <rob@aiken.im>
Date: Tue, 2 Dec 2025 17:41:31 +0000
Subject: [PATCH] Add Bazel support to Dependabot configuration and
 documentation (#58675)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
---
 .../working-with-dependabot/dependabot-options-reference.md | 6 ++++++
 data/features/dependabot-bazel-support.yml                  | 6 ++++++
 data/reusables/dependabot/supported-package-managers.md     | 3 +++
 .../dependency-graph/supported-package-ecosystems.md        | 3 +++
 4 files changed, 18 insertions(+)
 create mode 100644 data/features/dependabot-bazel-support.yml

diff --git a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md
index 188cea1a9e..0f26ff5ab3 100644
--- a/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md
+++ b/content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md
@@ -205,6 +205,9 @@ The table below shows the package managers for which SemVer is supported.
 
 | Package manager        | SemVer supported |
 |-----------------------|------------------|
+| {% ifversion dependabot-bazel-support %} |
+| Bazel               | {% octicon "x" aria-label="Not supported" %}              |
+| {% endif %} |
 | Bundler               | {% octicon "check" aria-label="Supported" %}              |
 | Bun                   | {% octicon "check" aria-label="Supported" %}              |
 | Cargo                 | {% octicon "check" aria-label="Supported" %}              |
@@ -475,6 +478,9 @@ When `open-pull-requests-limit` is defined:
 
 Package manager | YAML value      | Supported versions |
 ---------------|------------------|:------------------:|
+| {% ifversion dependabot-bazel-support %} |
+| Bazel         | `bazel`          | v7, v8, v9               |
+| {% endif %} |
 | {% ifversion dependabot-bun-support %} |
 | Bun | `bun`         | >=v1.2.5              |
 | {% endif %} |
diff --git a/data/features/dependabot-bazel-support.yml b/data/features/dependabot-bazel-support.yml
new file mode 100644
index 0000000000..5421ed44a2
--- /dev/null
+++ b/data/features/dependabot-bazel-support.yml
@@ -0,0 +1,6 @@
+# Reference: #16918
+# Bazel support for Dependabot
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '> 3.19'
diff --git a/data/reusables/dependabot/supported-package-managers.md b/data/reusables/dependabot/supported-package-managers.md
index 4f8fb4296e..d728d03324 100644
--- a/data/reusables/dependabot/supported-package-managers.md
+++ b/data/reusables/dependabot/supported-package-managers.md
@@ -2,6 +2,9 @@
 
 Package manager | YAML value      | Supported versions | Version updates | Security updates | Private repositories | Private registries | Vendoring |
 ---------------|------------------|------------------|:---:|:---:|:---:|:---:|:---:|
+| {% ifversion dependabot-bazel-support %} |
+Bazel | `bazel`         | v7, v8, v9              | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% endif %} |
 | {% ifversion dependabot-bun-support %} |
 [Bun](#bun) | `bun`         | >=v1.1.39               | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
 | {% endif %} |
diff --git a/data/reusables/dependency-graph/supported-package-ecosystems.md b/data/reusables/dependency-graph/supported-package-ecosystems.md
index 419e8b374c..f97dd89612 100644
--- a/data/reusables/dependency-graph/supported-package-ecosystems.md
+++ b/data/reusables/dependency-graph/supported-package-ecosystems.md
@@ -1,5 +1,8 @@
 | Package manager | Languages | Static transitive dependencies | Automatic dependency submission | Recommended files | Additional files |
 | --- | --- | --- | --- | --- | ---|
+| {% ifversion dependabot-bazel-support %} |
+| Bazel | Starlark | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `MODULE.bazel`, `WORKSPACE` | `MODULE.bazel.lock`, `maven_install.json`, `*.MODULE.bazel` |
+| {% endif %} |
 | Cargo | Rust | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `Cargo.lock` | `Cargo.toml` |
 | Composer             | PHP           | {% octicon "x" aria-label="Not supported" %} | {% octicon "x" aria-label="Not supported" %} | `composer.lock` | `composer.json` |
 | NuGet | .NET languages (C#, F#, VB), C++  | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | `.csproj`, `.vbproj`, `.nuspec`, `.vcxproj`, `.fsproj` | `packages.config` |