diff --git a/dist/index.js b/dist/index.js index 6057688e1..925dbdb44 100644 --- a/dist/index.js +++ b/dist/index.js 
@@ -10200,34 +10200,38 @@ exports.getCompatibility = exports.trimSlashes = exports.getAlert = exports.getM const core = __importStar(__nccwpck_require__(2186)); const https_1 = __importDefault(__nccwpck_require__(5687)); const DEPENDABOT_LOGIN = 'dependabot[bot]'; -function getMessage(client, context, skipCommitVerification = false) { +function getMessage(client, context, skipCommitVerification = false, skipVerification = false) { var _a; return __awaiter(this, void 0, void 0, function* () { - core.debug('Verifying the job is for an authentic Dependabot Pull Request'); + if (skipVerification) { + core.debug('Skipping pull request verification'); + } + else { + core.debug('Verifying the job is for an authentic Dependabot Pull Request'); + } const { pull_request: pr } = context.payload; if (!pr) { core.warning("Event payload missing `pull_request` key. Make sure you're " + 'triggering this action on the `pull_request` or `pull_request_target` events.'); return false; } - // Don't bother hitting the API if the PR author isn't Dependabot - if (pr.user.login !== DEPENDABOT_LOGIN) { + // Don't bother hitting the API if the PR author isn't Dependabot unless verification is disabled + if (!skipVerification && pr.user.login !== DEPENDABOT_LOGIN) { core.debug(`PR author '${pr.user.login}' is not Dependabot.`); return false; } - core.debug('Verifying the Pull Request contents are from Dependabot'); const { data: commits } = yield client.rest.pulls.listCommits({ owner: context.repo.owner, repo: context.repo.repo, pull_number: pr.number }); const { commit, author } = commits[0]; - if ((author === null || author === void 0 ? void 0 : author.login) !== DEPENDABOT_LOGIN) { + if (!skipVerification && (author === null || author === void 0 ? 
void 0 : author.login) !== DEPENDABOT_LOGIN) { // TODO: Promote to setFailed core.warning('It looks like this PR was not created by Dependabot, refusing to proceed.'); return false; } - if (!skipCommitVerification && !((_a = commit.verification) === null || _a === void 0 ? void 0 : _a.verified)) { + if (!skipVerification && !skipCommitVerification && !((_a = commit.verification) === null || _a === void 0 ? void 0 : _a.verified)) { // TODO: Promote to setFailed core.warning("Dependabot's commit signature is not verified, refusing to proceed."); return false; @@ -10351,7 +10355,7 @@ function run() { try { const githubClient = github.getOctokit(token); // Validate the job - const commitMessage = yield verifiedCommits.getMessage(githubClient, github.context, core.getBooleanInput('skip-commit-verification')); + const commitMessage = yield verifiedCommits.getMessage(githubClient, github.context, core.getBooleanInput('skip-commit-verification'), core.getBooleanInput('skip-verification')); const branchNames = util.getBranchNames(github.context); let alertLookup; if (core.getInput('alert-lookup')) {
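Review bot: When `skipVerification` is true, getMessage drops all three checks (PR author login, first-commit author login, commit signature), and the only trace is `core.debug('Skipping pull request verification')`, which does not show in a run log unless debug logging is enabled. The existing warning text shows the action is meant to run on `pull_request_target` as well, so whatever the function returns after this point would come from a commit nobody has authenticated. The bypass should therefore be visible in the log: `core.warning('Pull request verification is disabled; the PR author and commit are not checked against Dependabot.');`. A one-line comment on the new parameter saying that it overrides `skipCommitVerification` would also help, since the last condition now tests both flags. This file is the bundled output, so the change belongs in the source it is built from, and getMessage continues past the end of this hunk.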