Dependency Management at Scale: How To Maintain 200+ Infrastructure Tools Up to Date
If you’ve ever maintained a large-scale infrastructure, you know that every week brings a stream of new updates in cloud-native tooling.
Some come packed with security fixes, while others introduce breaking changes that can silently disrupt your deployments.
What you might also know is that manually tracking Helm chart updates, Terraform provider changes, or dependency shifts doesn’t scale.
Missing a fix for a CVE vulnerability? Probably not something you want.
So, how does one stay up-to-date without turning tooling updates into a full-time job?
As an SRE, I worked on various projects consisting of 200+ dependencies, if not more.
While most patch updates weren’t concerning, manually visiting and tracking updates across different tools was simply out of the question.
So the goal was pretty obvious—automate it.
At least to the point where tool version updates would automatically suggest changes in code repositories in the form of Pull Requests.
For such a task, Dependabot is a pretty popular choice, but I haven’t found it to fit my needs.
The problem?
It’s tied to GitHub, while some of the clients’ projects were using Bitbucket or GitLab.
Neither does it support self-hosting.
While there are workarounds to make this work, I didn’t want to spend much time on it since I believed such a solution should already exist.
Luckily, there’s Renovate and I really liked it.
The Renovate documentation already provides a solid overview of its capabilities, so give it a read if you’re new to this; I’d rather focus on why I liked it so much.
First off, Renovate provides a self-hosted solution...
Read the full post on my Substack Newsletter: https://cloudchirps.substack.com/p/dependency-management-at-scale-how