Add sbt support to dependabot version updates (#61331)

AbhishekBhaskar · mchammer01 · web-flow · commit 0690ca2d0539 · 2026-05-26T16:28:31.000Z
Co-authored-by: mc &lt;42146119+mchammer01@users.noreply.github.com&gt;
diff --git a/content/code-security/reference/supply-chain-security/dependabot-options-reference.md b/content/code-security/reference/supply-chain-security/dependabot-options-reference.md
@@ -264,6 +264,9 @@ The table below shows the package managers that support `cooldown`. The `default
 | {% ifversion dependabot-rust-toolchain-support %} |
 | Rust toolchain        | {% octicon "check" aria-label="Supported" %}              | {% octicon "check" aria-label="Supported" %} |
 | {% endif %} |
+| {% ifversion dependabot-sbt-support %} |
+| sbt                   | {% octicon "check" aria-label="Supported" %}              | {% octicon "check" aria-label="Supported" %} |
+| {% endif %} |
 | Swift                 | {% octicon "check" aria-label="Supported" %}              | {% octicon "check" aria-label="Supported" %} |
 | Terraform             | {% octicon "check" aria-label="Supported" %}              | {% octicon "x" aria-label="Not supported" %} |
 | UV                    | {% octicon "check" aria-label="Supported" %}              | {% octicon "check" aria-label="Supported" %} |
@@ -595,6 +598,9 @@ Package manager | YAML value      | Supported versions |
 | {% ifversion dependabot-rust-toolchain-support %} |
 | Rust toolchain | `rust-toolchain` | Not applicable   |
 | {% endif %} |
+| {% ifversion dependabot-sbt-support %} |
+| sbt          | `sbt`            | Not applicable   |
+| {% endif %} |
 | Swift   | `swift`      | v5  |
 | Terraform    | `terraform`      | >= 0.13, <= 1.10.x  |
 | {% ifversion dependabot-uv-support %} |
diff --git a/data/features/dependabot-sbt-support.yml b/data/features/dependabot-sbt-support.yml
@@ -0,0 +1,6 @@
+# Reference: https://github.com/dependabot/dependabot-core/pull/15012
+# sbt support for Dependabot
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>3.21'
diff --git a/data/reusables/dependabot/dependabot-updates-supported-versioning-tags.md b/data/reusables/dependabot/dependabot-updates-supported-versioning-tags.md
@@ -9,4 +9,7 @@ The `dependabot.yml` file doesn't control the versioning tags that you can use,
 | Maven               | `maven`        | `alpha, a, beta, b, milestone, m, rc, cr, sp, ga, final, release, snapshot` | `spring-security-web@5.6.0-SNAPSHOT`, `spring-core@5.2.0.RELEASE` |
 | npm                 | `npm`          | `alpha`, `beta`, `canary`, `dev`, `experimental`, `latest`, `legacy`, `next`, `nightly`, `rc`, `release`, `stable` | `lodash@beta`, `react@latest`, `express@next` |
 | pnpm                | `npm`          | `alpha`, `beta`, `canary`, `dev`, `experimental`, `latest`, `legacy`, `next`, `nightly`, `rc`, `release`, `stable` | `lodash@1.2.0-alpha`, `react@alpha`, `vue@next` |
+| {% ifversion dependabot-sbt-support %} |
+| sbt                 | `sbt`          | `alpha, a, beta, b, milestone, m, rc, cr, sp, ga, final, release, snapshot` | `akka-actor@2.7.0-RC1`, `play-json@3.0.0-M1` |
+| {% endif %} |
 | yarn                | `npm`          | `alpha`, `beta`, `canary`, `dev`, `experimental`, `latest`, `legacy`, `next`, `nightly`, `rc`, `release`, `stable` | `lodash@1.2.0-alpha`, `axios@latest`, `moment@nightly` |
diff --git a/data/reusables/dependabot/supported-package-managers.md b/data/reusables/dependabot/supported-package-managers.md
@@ -51,6 +51,9 @@ pipenv                      | `pip` | 2024.4.1 | {% octicon "check" aria-label="
 | {% ifversion dependabot-rust-toolchain-support %} |
 [Rust toolchain](#rust-toolchain) | `rust-toolchain` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable   | Not applicable   |
 | {% endif %} |
+| {% ifversion dependabot-sbt-support %} |
+[sbt](#sbt) | `sbt` | Not applicable | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
+| {% endif %} |
 [Swift](#swift)      | `swift`      | v5  | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} (git only) | {% octicon "x" aria-label="Not supported" %} |
 [Terraform](#terraform)      | `terraform`      | >= 0.13, <= 1.13.x  | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Not applicable |
 | {% ifversion dependabot-uv-security-support %} |
@@ -226,6 +229,22 @@ Supported update patterns {% data variables.product.prodname_dependabot %} can u
 
 {% endif %}
 
+{% ifversion dependabot-sbt-support %}
+
+### sbt
+
+{% data variables.product.prodname_dependabot %} supports updates to sbt dependency files. sbt resolves artifacts from Maven repositories and uses the same version ordering as Maven.
+
+The following manifest files are supported:
+
+* `build.sbt` (root): fetched as a required file.
+* `project/plugins.sbt`: fetched if present.
+* `project/build.properties`: fetched if present.
+* `project/*.scala`: all `.scala` files in the `project/` directory.
+* `{subdir}/build.sbt`: scans root-level subdirectories (excluding `project/`, `target/`, `.git`, `.github`).
+
+{% endif %}
+
 ### Swift
 
 Private registry support applies to git registries only. Swift registries are not supported. Non-declarative manifests are not supported. For more information on non-declarative manifests, see [Editing Non-Declarative Manifests](https://github.com/apple/swift-evolution/blob/7003da1439ad60896ec14657dfce829f04b0632c/proposals/0301-package-editing-commands.md#editing-non-declarative-manifests) in the Swift Evolution documentation.
