ossf
diff --git a/‎checks/dependency_update_tool_test.go‎
Lines changed: 73 additions & 5 deletions b/‎checks/dependency_update_tool_test.go‎
Lines changed: 73 additions & 5 deletions
diff --git a/‎checks/raw/dependency_update_tool.go‎
Lines changed: 25 additions & 1 deletion b/‎checks/raw/dependency_update_tool.go‎
Lines changed: 25 additions & 1 deletion
diff --git a/‎checks/raw/dependency_update_tool_test.go‎
Lines changed: 39 additions & 13 deletions b/‎checks/raw/dependency_update_tool_test.go‎
Lines changed: 39 additions & 13 deletions
diff --git a/‎clients/githubrepo/client.go‎
Lines changed: 27 additions & 15 deletions b/‎clients/githubrepo/client.go‎
Lines changed: 27 additions & 15 deletions
@@ -20,27 +20,35 @@ import (
 	"github.com/golang/mock/gomock"
 
 	"github.com/ossf/scorecard/v4/checker"
+	clients "github.com/ossf/scorecard/v4/clients"
 	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
 	scut "github.com/ossf/scorecard/v4/utests"
 )
 
+const (
+	dependabotID = 49699333
+)
+
 // TestDependencyUpdateTool tests the DependencyUpdateTool checker.
 func TestDependencyUpdateTool(t *testing.T) {
 	t.Parallel()
 	//nolint
 	tests := []struct {
-		name     string
-		wantErr  bool
-		files    []string
-		want     checker.CheckResult
-		expected scut.TestReturn
+		name              string
+		wantErr           bool
+		SearchCommits     []clients.Commit
+		CallSearchCommits int
+		files             []string
+		want              checker.CheckResult
+		expected          scut.TestReturn
 	}{
 		{
 			name:    "dependency yml",
 			wantErr: false,
 			files: []string{
 				".github/dependabot.yml",
 			},
+			CallSearchCommits: 0,
 			expected: scut.TestReturn{
 				NumberOfInfo: 1,
 				Score:        10,
@@ -52,6 +60,7 @@ func TestDependencyUpdateTool(t *testing.T) {
 			files: []string{
 				".github/dependabot.yaml",
 			},
+			CallSearchCommits: 0,
 			expected: scut.TestReturn{
 				NumberOfInfo: 1,
 				Score:        10,
@@ -63,10 +72,68 @@ func TestDependencyUpdateTool(t *testing.T) {
 			files: []string{
 				".github/foobar.yml",
 			},
+			SearchCommits:     []clients.Commit{{Committer: clients.User{ID: 111111111}}},
+			CallSearchCommits: 1,
+			expected: scut.TestReturn{
+				NumberOfWarn: 2,
+			},
+		},
+		{
+			name:    "foo bar 2",
+			wantErr: false,
+			files: []string{
+				".github/foobar.yml",
+			},
+			SearchCommits:     []clients.Commit{},
+			CallSearchCommits: 1,
 			expected: scut.TestReturn{
 				NumberOfWarn: 2,
 			},
 		},
+
+		{
+			name:    "found in commits",
+			wantErr: false,
+			files: []string{
+				".github/foobar.yaml",
+			},
+			SearchCommits:     []clients.Commit{{Committer: clients.User{ID: dependabotID}}},
+			CallSearchCommits: 1,
+			expected: scut.TestReturn{
+				NumberOfInfo: 1,
+				Score:        10,
+			},
+		},
+		{
+			name:    "found in commits 2",
+			wantErr: false,
+			files:   []string{},
+			SearchCommits: []clients.Commit{{Committer: clients.User{ID: 111111111}},
+				{Committer: clients.User{ID: dependabotID}},
+			},
+
+			CallSearchCommits: 1,
+			expected: scut.TestReturn{
+				NumberOfInfo: 1,
+				Score:        10,
+			},
+		},
+
+		{
+			name:    "many commits",
+			wantErr: false,
+			files: []string{
+				".github/foobar.yml",
+			},
+			SearchCommits: []clients.Commit{{Committer: clients.User{ID: 111111111}},
+				{Committer: clients.User{ID: dependabotID}},
+			},
+			CallSearchCommits: 1,
+			expected: scut.TestReturn{
+				NumberOfInfo: 1,
+				Score:        10,
+			},
+		},
 	}
 	for _, tt := range tests {
 		tt := tt
@@ -75,6 +142,7 @@ func TestDependencyUpdateTool(t *testing.T) {
 			ctrl := gomock.NewController(t)
 			mockRepo := mockrepo.NewMockRepoClient(ctrl)
 			mockRepo.EXPECT().ListFiles(gomock.Any()).Return(tt.files, nil)
+			mockRepo.EXPECT().SearchCommits(gomock.Any()).Return(tt.SearchCommits, nil).Times(tt.CallSearchCommits)
 			dl := scut.TestDetailLogger{}
 			c := &checker.CheckRequest{
 				RepoClient: mockRepo,
 
@@ -23,6 +23,10 @@ import (
 	"github.com/ossf/scorecard/v4/clients"
 )
 
+const (
+	dependabotID = 49699333
+)
+
 // DependencyUpdateTool is the exported name for Depdendency-Update-Tool.
 func DependencyUpdateTool(c clients.RepoClient) (checker.DependencyUpdateToolData, error) {
 	var tools []checker.Tool
@@ -31,7 +35,27 @@ func DependencyUpdateTool(c clients.RepoClient) (checker.DependencyUpdateToolDat
 		return checker.DependencyUpdateToolData{}, fmt.Errorf("%w", err)
 	}
 
-	// No error, return the tools.
+	if len(tools) != 0 {
+		return checker.DependencyUpdateToolData{Tools: tools}, nil
+	}
+
+	commits, err := c.SearchCommits(clients.SearchCommitsOptions{Author: "dependabot[bot]"})
+	if err != nil {
+		return checker.DependencyUpdateToolData{}, fmt.Errorf("%w", err)
+	}
+
+	for i := range commits {
+		if commits[i].Committer.ID == dependabotID {
+			tools = append(tools, checker.Tool{
+				Name:  "Dependabot",
+				URL:   asPointer("https://github.com/dependabot"),
+				Desc:  asPointer("Automated dependency updates built into GitHub"),
+				Files: []checker.File{{}},
+			})
+			break
+		}
+	}
+
 	return checker.DependencyUpdateToolData{Tools: tools}, nil
 }
 
 
@@ -20,6 +20,7 @@ import (
 	"github.com/golang/mock/gomock"
 
 	"github.com/ossf/scorecard/v4/checker"
+	clients "github.com/ossf/scorecard/v4/clients"
 	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
 )
 
@@ -131,35 +132,59 @@ func TestDependencyUpdateTool(t *testing.T) {
 	t.Parallel()
 	//nolint
 	tests := []struct {
-		name    string
-		wantErr bool
-		want    int
-		files   []string
+		name              string
+		wantErr           bool
+		want              int
+		SearchCommits     []clients.Commit
+		CallSearchCommits int
+		files             []string
 	}{
 		{
-			name:    "dependency update tool",
-			wantErr: false,
-			want:    1,
+			name:              "dependency update tool",
+			wantErr:           false,
+			want:              1,
+			CallSearchCommits: 0,
 			files: []string{
 				".github/dependabot.yml",
 			},
 		},
 		{
-			name:    "dependency update tool",
-			wantErr: false,
-			want:    1,
+			name:              "dependency update tool",
+			wantErr:           false,
+			want:              1,
+			CallSearchCommits: 0,
 			files: []string{
 				".github/dependabot.yaml",
 			},
 		},
 		{
-			name:    "foo bar",
-			wantErr: false,
-			want:    0,
+			name:              "foo bar",
+			wantErr:           false,
+			want:              0,
+			CallSearchCommits: 1,
+			SearchCommits:     []clients.Commit{{Committer: clients.User{ID: 111111111}}},
 			files: []string{
 				".github/foobar.yml",
 			},
 		},
+		{
+			name:              "dependency update tool via commits",
+			wantErr:           false,
+			want:              1,
+			CallSearchCommits: 1,
+			files:             []string{},
+			SearchCommits:     []clients.Commit{{Committer: clients.User{ID: dependabotID}}},
+		},
+		{
+			name:              "dependency update tool via commits",
+			wantErr:           false,
+			want:              1,
+			CallSearchCommits: 1,
+			files:             []string{},
+			SearchCommits: []clients.Commit{{Committer: clients.User{ID: 111111111}},
+				{Committer: clients.User{ID: dependabotID}},
+			},
+		},
 	}
 	for _, tt := range tests {
 		tt := tt
@@ -169,6 +194,7 @@ func TestDependencyUpdateTool(t *testing.T) {
 			ctrl := gomock.NewController(t)
 			mockRepo := mockrepo.NewMockRepoClient(ctrl)
 			mockRepo.EXPECT().ListFiles(gomock.Any()).Return(tt.files, nil)
+			mockRepo.EXPECT().SearchCommits(gomock.Any()).Return(tt.SearchCommits, nil).Times(tt.CallSearchCommits)
 
 			got, err := DependencyUpdateTool(mockRepo)
 			if (err != nil) != tt.wantErr {
 
@@ -37,21 +37,22 @@ var (
 
 // Client is GitHub-specific implementation of RepoClient.
 type Client struct {
-	repourl      *repoURL
-	repo         *github.Repository
-	repoClient   *github.Client
-	graphClient  *graphqlHandler
-	contributors *contributorsHandler
-	branches     *branchesHandler
-	releases     *releasesHandler
-	workflows    *workflowsHandler
-	checkruns    *checkrunsHandler
-	statuses     *statusesHandler
-	search       *searchHandler
-	webhook      *webhookHandler
-	languages    *languagesHandler
-	ctx          context.Context
-	tarball      tarballHandler
+	repourl       *repoURL
+	repo          *github.Repository
+	repoClient    *github.Client
+	graphClient   *graphqlHandler
+	contributors  *contributorsHandler
+	branches      *branchesHandler
+	releases      *releasesHandler
+	workflows     *workflowsHandler
+	checkruns     *checkrunsHandler
+	statuses      *statusesHandler
+	search        *searchHandler
+	searchCommits *searchCommitsHandler
+	webhook       *webhookHandler
+	languages     *languagesHandler
+	ctx           context.Context
+	tarball       tarballHandler
 }
 
 // InitRepo sets up the GitHub repo in local storage for improving performance and GitHub token usage efficiency.
@@ -102,6 +103,9 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
 	// Setup searchHandler.
 	client.search.init(client.ctx, client.repourl)
 
+	// Setup searchCommitsHandler
+	client.searchCommits.init(client.ctx, client.repourl)
+
 	// Setup webhookHandler.
 	client.webhook.init(client.ctx, client.repourl)
 
@@ -190,6 +194,11 @@ func (client *Client) Search(request clients.SearchRequest) (clients.SearchRespo
 	return client.search.search(request)
 }
 
+// SearchCommits implements RepoClient.SearchCommits
+func (client *Client) SearchCommits(request clients.SearchCommitsOptions) ([]clients.Commit, error) {
+	return client.searchCommits.search(request)
+}
+
 // Close implements RepoClient.Close.
 func (client *Client) Close() error {
 	return client.tarball.cleanup()
@@ -231,6 +240,9 @@ func CreateGithubRepoClientWithTransport(ctx context.Context, rt http.RoundTripp
 		search: &searchHandler{
 			ghClient: client,
 		},
+		searchCommits: &searchCommitsHandler{
+			ghClient: client,
+		},
 		webhook: &webhookHandler{
 			ghClient: client,
 		},