
Comment by baby_souffle

2 days ago

> or is their cloud resource usage for the Community edition so lightweight that it's costing them almost nothing in server costs?

The bigger concern is that you're effectively letting them (shallow) clone your repo. I prefer to self-host but that's not anywhere near as quick/easy as clicking the "integrate with GitHub" button.

> Second question: could you expand a little bit on why you like renovate better than dependabot?

They both do the same thing in about the same way... Dependabot is meant to be run at _massive_ scale across all of GitHub so it has good support for the basic / common places people pin versions. It is quite slow to get support for newer conventions that are not ubiquitous across all of GitHub. Easy example: k8s manifests where you might have "use $thisVersion of HelmChart" buried somewhere in YAML instead of in a clear-cut place like `requirements.txt`.

Renovate has an optional web UI and can be integrated with GitHub as an "app" for some interactive features but that's not worth the setup for small scale.

Renovate is _much_ more robust / the number of $things that it can detect and is a lot more extensible; as mentioned elsewhere in this thread, the regex feature is delightful. It's a pain to debug, but once you grok it / figure out how the custom regex stuff works, it's really nice.

I have more than a few scripts where the only versioned dependency is embedded in some URL:

```
wget http://github.com/some-repo/releases/v1.2.3/the-tool.tar.gz
```

And after a bit of regex work, Renovate now knows to check that repo's release page for updated versions and when it finds one, it updates the URL and pings me with a PR.
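Added example, not part of the comment above and not Renovate's own code: a Python sketch of what a URL-pin regex rule has to do, namely capture the dependency name and pinned version with named groups, then rewrite only the version. The `depName` and `currentValue` group names follow Renovate's capture-group convention; the script text, the second URL and the release lists are constructed sample data, and the helper names are hypothetical.

```python
import re

# Named groups capture the dependency and the pinned version. Renovate
# uses JavaScript syntax, (?<name>...); Python spells it (?P<name>...).
PINNED_URL = re.compile(
    r"https?://github\.com/(?P<depName>[\w.-]+(?:/[\w.-]+)?)/releases/"
    r"(?:download/)?v(?P<currentValue>\d+\.\d+\.\d+)/"
)

def parse(version):
    # Compare numerically: as strings, "1.9.4" would sort above "1.10.0".
    return tuple(int(part) for part in version.split("."))

def find_pins(script):
    """Return (line_no, depName, currentValue) for every pinned URL."""
    pins = []
    for no, line in enumerate(script.splitlines(), 1):
        for m in PINNED_URL.finditer(line):
            pins.append((no, m["depName"], m["currentValue"]))
    return pins

def bump(script, releases):
    """Rewrite each pin to the newest known release, never downgrading."""
    def repl(m):
        known = releases.get(m["depName"], [])
        newest = max(known + [m["currentValue"]], key=parse)
        start, end = m.span("currentValue")
        url, off = m.group(0), m.start()
        return url[:start - off] + newest + url[end - off:]
    return PINNED_URL.sub(repl, script)

# Constructed sample input: the first URL has the shape used in the comment.
SCRIPT = """#!/bin/sh
wget http://github.com/some-repo/releases/v1.2.3/the-tool.tar.gz
curl -LO https://github.com/example-org/other-tool/releases/download/v0.9.10/other-tool.tgz
echo v9.9.9 is not a pin
"""
# Constructed release lists standing in for a releases lookup.
RELEASES = {
    "some-repo": ["1.2.3", "1.10.0", "1.9.4"],
    "example-org/other-tool": ["0.9.9"],
}

if __name__ == "__main__":
    print(find_pins(SCRIPT))
    print(bump(SCRIPT, RELEASES))
```

The pattern only touches the version segment of the path, so an artifact filename that also embeds the version would need its own capture group.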