According to https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/, Dependabot is now “GitHub-native”.
Will Dependabot be made available for self-hosted GitHub Enterprise?
You can see that this is a popular request from the reactions and comments on https://github.com/dependabot/dependabot-core/issues/1499.
Hi @bgrainger,
Thank you for being here! While we aim to keep GitHub.com and GitHub Enterprise Server as close to feature parity as possible, due to our release process and requirements of certain product features, sometimes porting features over to GitHub Enterprise Server presents significant challenges. That said, we know customers are very interested in this feature, and so it’s likely that you’ll see security scanning in GitHub Enterprise Server at some point. While I cannot provide a timeline for this, we’ll be sure to document it in the Release notes.
In case it’s helpful, vulnerability alerts are currently available in GitHub Enterprise Server.