diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100644
index 000000000..fa238a5a8
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,45 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["config:recommended"],
+  "labels": ["dependencies"],
+  "prConcurrentLimit": 0,
+  "prHourlyLimit": 0,
+  "schedule": ["* 0-7 * * 1"],
+  "ansible-galaxy": {
+    "fileMatch": ["(^|/)[\\w-]*requirements([_.]\\w+)?\\.ya?ml$"],
+    "packageRules": [
+      {
+        "matchPackageNames": ["*"],
+        "groupName": "Ansible collections"
+      }
+    ]
+  },
+  "dockerfile": {
+    "ignorePaths": ["molecule/**/Dockerfile.j2"]
+  },
+  "github-actions": {
+    "addLabels": ["skip-changelog"],
+    "packageRules": [
+      {
+        "matchPackageNames": [
+          "actions/**",
+          "github/**"
+        ],
+        "groupName": "GitHub Actions"
+      },
+      {
+        "matchPackageNames": ["docker/**"],
+        "groupName": "Docker Actions"
+      }
+    ]
+  },
+  "pip_requirements": {
+    "fileMatch": ["(^|/)[\\w-]*requirements([_.]\\w+)?\\.(txt|pip)$"],
+    "packageRules": [
+      {
+        "matchPackageNames": ["*"],
+        "groupName": "Python dependencies"
+      }
+    ]
+  }
+}
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 876a3359e..f974703da 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -58,6 +58,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: Upload SARIF results to code scanning
-        uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
+        uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/requirements/requirements_collections.yml b/.github/workflows/requirements/requirements_collections.yml
index 632e0ab7a..47bc85e11 100644
--- a/.github/workflows/requirements/requirements_collections.yml
+++ b/.github/workflows/requirements/requirements_collections.yml
@@ -4,7 +4,7 @@ collections:
     version: 1.5.4
   - name: community.general
     version: 9.2.0
-  - name: community.crypto # Only required if you plan to install NGINX Plus
+  - name: community.crypto
     version: 2.21.1
-  - name: community.docker # Only required if you plan to use Molecule
+  - name: community.docker
     version: 3.11.0