Does Dependabot natively support Poetry for Python?

I’ve recently converted to the Python package manager Poetry. After some research, it seems that Poetry was supported by Dependabot-preview, but I can’t find any mention of Poetry support since Dependabot became a native GitHub feature.

Can anyone shed some light on this?


Sorry for piling on with a +1 here – but I would love Poetry support in the GitHub Dependency Graph as well. This would hopefully give us security notifications for Python packages coming through Poetry.

pyproject.toml and poetry.lock, which Poetry uses, aren’t listed in the support table for the GitHub Dependency Graph, so we’ll have to wait for an update from GitHub:

I’ve found that GitHub does in fact support Poetry for Python: setting my package ecosystem as ‘pip’ does the trick. Dependabot has continued to function, submitting PRs to change pyproject.toml and poetry.lock.

Where do you find the option to set the package ecosystem?

In the dependabot.yml configuration file in the repository, in the .github directory.
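
For reference, a `.github/dependabot.yml` matching the setup described in this thread. This is an added example, not a file posted by any participant; the root directory and the weekly schedule are assumptions to adjust for your repository.

```yaml
# .github/dependabot.yml
# Added example: the directory and schedule values below are assumptions.
version: 2
updates:
  # Poetry projects are covered by the "pip" ecosystem, as reported above.
  - package-ecosystem: "pip"
    # Directory containing pyproject.toml and poetry.lock (assumed: repo root).
    directory: "/"
    schedule:
      # How often Dependabot checks for new versions (assumed: weekly).
      interval: "weekly"
```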