Documenting ND-568 outcome

Further to the implementation of ND-568, documented the current configurations
of dependabot and the earlier renovate bot configuration whjich has been
disabled temporarily to avoid conflicts between both.

source/documentation/adrs/013-use-aws-secrets-manager-for-secrets.html.md.erb

@@ -1,6 +1,6 @@
 ---
 owner_slack: "#nvvs-devops"
-title: 006 - Use AWS Secrets Manager for Secrets
+title: 013 - Use AWS Secrets Manager for Secrets
 last_reviewed_on: 2024-11-07
 review_in: 6 months
 ---

source/documentation/adrs/014-use-dependabot-to-manage-dependency-updates.html

@@ -0,0 +1,42 @@
+---
+owner_slack: "#nvvs-devops"
+title: 014 - Use Dependabot to manage dependency updates
+last_reviewed_on: 2024-12-05
+review_in: 6 months
+---
+
+# 014 - Use Dependabot to manage dependency updates
+Date: 2020-12-05
+
+## Status
+✅ Accepted
+
+## Context
+Both Renovate Bot and Dependabot are being used in our repository to manage dependency updates.
+This is leading to conflicts where both tools create separate pull requests (PRs) for the same dependencies, resulting in unnecessary duplication and management overhead.
+
+## Decision
+
+To use Dependabot, as its better suited for GitHub-based projects due to its simplicity, native integration, and focus on security, and temporarily disable renovate bot.
+
+Currently, Dependabot targets:
+
+- "bundler", which is used for managing Ruby dependencies. Dependabot will check for updates in the root directory ("/") on a daily basis.
+- "terraform", with updates being checked in the "/terraform" directory daily.
+- "github-actions", which manages GitHub Actions workflows. Updates will be checked in the root directory ("/") daily.
+- "pip", used for Python dependencies. Dependabot will check for updates in the root directory ("/") daily.
+- "npm", which manages JavaScript dependencies. Updates will be checked in the root directory ("/") daily.
+
+### Alternative Considerations:
+
+#### Renovate Bot
+
+Renovate bot targeting dependencies from the “terraform-module” and “terraform-provider” in the repositories have been temporarily disabled
+
+- 'ministryofjustice/network-access-control-infrastructure',
+- 'ministryofjustice/nvvs-devops-github-actions',
+- 'ministryofjustice/staff-device-dns-dhcp-infrastructure',
+- 'ministryofjustice/staff-device-shared-services-infrastructure',
+- 'ministryofjustice/staff-infrastructure-network-services',
+- 'ministryofjustice/staff-technology-services-github-teams'
+

source/documentation/adrs/adr-index.html.md.erb

@@ -27,6 +27,7 @@ To understand why we are recording decisions and how we are doing it, please see
 | ADR-011 | ✅      | [Use GitHub Actions for CI/CD](011-use-github-actions-for-ci-cd.html)                                              |
 | ADR-012 | ✅      | [Use TechDocs for ADRs](012-use-techdocs-for-adrs.html)                                                            |
 | ADR-013 | ✅️      | [Use AWS Secrets Manager for secrets](013-use-aws-secrets-manager-for-secrets.html)                                |
+| ADR-014 | ✅️      | [Use Dependabot to manage dependency updates](014-use-dependabot-to-manage-dependency-updates.html)
 
 ## Statuses
 - ✅ Accepted