diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..4ed60c768
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,33 @@
+version: 2
+
+# default configuration
+defaults: &defaults
+ package-ecosystem: npm
+ directory: '/'
+ schedule:
+ interval: weekly # don't spam daily
+ # only increase version when required, don't bump every patch or minor
+ versioning-strategy: increase-if-necessary
+ allow:
+ # only upgrade prod deps (not devDeps)
+ - dependency-name: '*'
+ dependency-type: production
+ commit-message:
+ prefix: 'deps:' # prefix commit with deps: for consistency
+
+updates:
+ # configuration for /
+ - <<: *defaults
+ # temporarily disable dep upgrade PRs for / as they're being updated
+ open-pull-requests-limit: 0
+
+ # configuration for /website
+ - <<: *defaults
+ directory: /website
+ # /website is not a published package and doesn't really have an attack
+ # surface area, should only be updated as needed, not as soon as deps change
+ ignore:
+ # no security PRs for /website
+ - dependency-name: '*'
+ # disable dep upgrade PRs for /website
+ open-pull-requests-limit: 0
diff --git a/greenkeeper.json b/greenkeeper.json
deleted file mode 100644
index c2c0e7059..000000000
--- a/greenkeeper.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "groups": {
- "default": {
- "packages": [
- "package.json",
- "templates/react/example/package.json"
- ]
- }
- }
-}
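Review bot: The `ignore` rule with `dependency-name: '*'` in the /website entry suppresses security-update PRs as well as version bumps, and the stated rationale (no attack surface) does not cover build-time exposure: the website's npm dependencies are still installed and executed wherever the site is built. Since `open-pull-requests-limit: 0` already stops version-update PRs and, per GitHub's documentation, does not affect security updates, I would drop the `ignore` block and change the comment to `# version-update PRs disabled; security updates stay on`. Separately, the top-level `defaults:` key and the `<<: *defaults` merge keys depend on Dependabot's config parser accepting an extra top-level property and YAML merge keys; I can't confirm that from this diff, so it is worth checking the repository's Dependabot status after merge, because a rejected config would stop updates for both directories. The `/` entry's "temporarily disable" comment would also benefit from a tracking reference, e.g. `# TODO(<issue-id>): re-enable once the manual upgrade lands`.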