H team,

Dependabot is a feature of GitHub whose main purpose is to assist developers in staying on top of their dependency ecosystem. It does this by automating the dependency update process which in turn proactively addresses any potential security concerns:

• https://medium.com/@edouard.courty/githubs-dependabot-why-should-you-use-it-and-how-fb91f27aa2c6

We currently suggest Snyk, but this is a paid membership - we've had a customer ask that we provide free functionality for addressing code vulnerabilities similar to Github's Dependabot feature in Bitbucket Cloud.

Cheers!

• Ben (Bitbucket Cloud Support)