Make GitHub Work for You: GitHub MCP and Dependabot

Lately, I wanted to automate my daily work. I need to see my tasks quickly, report bugs with good details, and stop worrying about security holes in my code.

The problem? I was always switching between my code editor and the GitHub website. Creating Pull Requests (PRs), adding labels, writing bug reports, checking for updates—it felt like boring work that stopped my flow.

Then I found GitHub MCP and Dependabot. Now my work is automatic, and I almost never use the GitHub website.

What I Wanted to Automate

I needed three things: easy interaction with GitHub (PRs, comments, tags, issues), automated security monitoring, and control over when and how updates happen. GitHub MCP handles the first part, Dependabot handles security, and together they've transformed how I work.

GitHub MCP: Easy GitHub Interaction

GitHub MCP lets me work with GitHub easily. I can create PRs, write comments, add tags, and open issues—all without leaving my code editor.

Think of GitHub MCP as a bridge. It connects your AI-powered editor (like Cursor) directly to GitHub.

Instead of opening Chrome or Safari, you just ask your AI:

  • "Create a PR with these labels"
  • "Add a comment to issue #42"
  • "Open a bug report for this error"
  • "What tasks do I have left?"

Everything happens right inside your editor.

Setting Up GitHub MCP in Cursor

Step 1: Get Your Token

  1. Go to GitHub's token settings.
  2. Click Generate new token (classic).
  3. Select these permissions (scopes): repo, workflow, read:org.
  4. Copy the token.

Step 2: Configure Cursor

Open ~/.cursor/mcp.json and add:

{
  "mcpServers": {
    "github": {
      "url": "https://api.githubcopilot.com/mcp/",
      "headers": {
        "Authorization": "Bearer YOUR_GITHUB_PAT"
      }
    }
  }
}

Replace YOUR_GITHUB_PAT with your token, save, and restart Cursor.

Step 3: Verify

  1. Go to Settings > Tools & Integrations > MCP Tools.
  2. Look for a green dot next to "github".
  3. Test it by asking: "List my GitHub repositories".

Checkpoint: Now your editor can talk to GitHub. You can create PRs and issues just by chatting.
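
After this setup, ~/.cursor/mcp.json holds the token in cleartext, so it is worth checking the file once. The Python script below is an added example, not part of the original post or of Cursor's or GitHub's tooling; the function name audit_mcp_config and the severity labels are invented for this illustration. It checks the file's permissions, the transport, and whether a real GitHub token is embedded.

```python
import json
import os
import re
import stat

# GitHub token prefixes: classic PAT (ghp_), fine-grained PAT (github_pat_),
# OAuth / user-to-server / server-to-server / refresh tokens (gho_, ghu_, ghs_, ghr_).
TOKEN_RE = re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})")


def audit_mcp_config(path):
    """Return a list of (severity, message) findings for an MCP client config."""
    findings = []

    # 1. The file holds a bearer credential, so only the owner should read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(("high", f"{path} has mode {mode:03o}; restrict it with chmod 600"))

    with open(path, encoding="utf-8") as fh:
        config = json.load(fh)

    for name, server in config.get("mcpServers", {}).items():
        url = server.get("url", "")
        headers = server.get("headers", {})
        auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)

        # 2. A credential sent over plain HTTP is readable on the network path.
        if auth and not url.lower().startswith("https://"):
            findings.append(("high", f"server '{name}' sends Authorization to a non-HTTPS URL"))

        # 3. A live token in the file: report its type and length, never its value.
        match = TOKEN_RE.search(auth or "")
        if match:
            kind = "fine-grained" if match.group().startswith("github_pat_") else "classic/OAuth"
            findings.append(("medium", f"server '{name}' embeds a {kind} GitHub token "
                                       f"({len(match.group())} chars) in cleartext"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_mcp_config(os.path.expanduser("~/.cursor/mcp.json")):
        print(f"[{severity}] {message}")
```

An empty result means the file is owner-only and contains no recognizable token; the placeholder YOUR_GITHUB_PAT is deliberately not flagged.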

How I Use This Every Day

Once it is set up, I use it all the time. I stay in my editor while the AI does the boring GitHub work.

But How Do I Automate Security?

GitHub MCP helps with my tasks, but what about security? That is where Dependabot helps.

Dependabot is a tool that watches your project libraries (dependencies) for security problems. It does three things:

  1. Finds security issues.
  2. Creates PRs to fix them.
  3. Keeps your libraries up to date.

Here is the trick: by default, Dependabot sends PRs to the main branch. If you use a develop branch for your work, this breaks your flow.

But we can fix this. We can tell Dependabot to use develop. We can also tell it to run only once a week, so it doesn't bother us every day.

Setting Up Dependabot

Enable Dependabot

  1. Go to your repository on GitHub.
  2. Click Settings > Code security and analysis.
  3. Enable Dependabot alerts, security updates, and version updates.

Configure Dependabot

Create .github/dependabot.yml with this configuration:

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 5
    target-branch: "develop"
    commit-message:
      prefix: "chore"
    labels:
      - "dependencies"

Why these settings?

  • target-branch: "develop": Sends updates to your development branch, not production.
  • open-pull-requests-limit: 5: Prevents too many PRs at once.
  • schedule: weekly: Checks only on Mondays, so you don't get notifications every day.

Commit and push:

git add .github/dependabot.yml
git commit -m "chore: configure dependabot"
git push

Handling Dependabot PRs

When Dependabot creates a PR:

  1. Read the description.
  2. Check the changes (diff).
  3. Make sure tests pass.
  4. Merge or close it.

I usually merge security fixes fast, but I wait until the end of the week for normal updates.

What We Learned

Automation is key. Simplifying tasks improves your speed and reduces mistakes.

  • GitHub MCP handles your daily work—creating PRs, comments, and issues from your editor.
  • Dependabot handles security—watching your libraries and fixing problems automatically.

Together, they give you what every developer needs: less boring work and better security.

Challenges

Ready to try it?

  1. Connect MCP: Set up the GitHub MCP server in your editor today.
  2. Configure Dependabot: Add the .github/dependabot.yml file to one of your projects using the develop branch.
  3. Try a command: Ask your AI to "List my open issues" and see what happens.

Let the tools do the work for you!

