[FEATURE]: Add Wildcard/Auto-Discovery Support for Dependabot Configuration

[kpj2006]

Feature and its Use Cases

Dependabot currently requires maintainers to manually configure each package-ecosystem and its corresponding directory in the dependabot.yml file.

This creates maintenance challenges, especially in repositories with multiple services or monorepo structures. Whenever:

• A new package ecosystem is introduced
• A new subdirectory is added
• The project structure changes

the configuration file must be manually updated.

If directories or ecosystems are not explicitly added to dependabot.yml, Dependabot will not monitor or update dependencies in those locations. This increases the risk of missed updates and adds ongoing maintenance overhead.

Current Manual Approach Example:

- package-ecosystem: "npm"
  directory: "/"  # Must manually change to "/frontend", "/backend", etc.

think around this:

1. Wildcard Directory Support
   Allow wildcards in directory specification to automatically discover all matching paths:

- package-ecosystem: "npm"
  directory: "/*"  # Auto-discover all directories with package.json
  # OR
  directory: "**/packages/*"  # Glob pattern for monorepos

2. Auto-Discovery Mode
   Enable Dependabot to automatically detect which package ecosystems are actually present:

version: 2
updates:
  - auto-discover: true  # Automatically detect all package ecosystems
    directory: "/**"      # Search entire repository
    # Common settings apply to all discovered ecosystems:
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"

resources:

• https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference

• Config file: Support Wildcards in directory dependabot/dependabot-core#2178 (comment)
  (also consider Notice: GitHub Dependabot now natively supports this functionality. Makeshift/generate-dependabot-glob-action#44)

Additional Context

Example Use Case
A monorepo with the following structure:

/
├── frontend/package.json
├── backend/package.json
├── services/api/package.json
├── services/worker/package.json
└── mobile/pubspec.yaml

Current approach: Requires 4 separate npm blocks + 1 pub block (5 total sections)
With wildcards: 1 npm block with directory: "**/package.json" pattern + 1 pub block (2 total sections)

Code of Conduct

• I have joined the Discord server and will post updates there
• I have searched existing issues to avoid duplicates

[Okd2006]

can i also work on this

[aditi25srivastava]

@kpj2006 Hyy would like to work on this issue Can you please assign this issue to me.

[Himanshu-0076]

@kpj2006 Hii I am new in Contribution if this issue is not assign to anyone plese assign to me I can work on this .