diff --git a/.github/renovate.json b/.github/renovate.json
new file mode 100755
index 0000000..47fa507
--- /dev/null
+++ b/.github/renovate.json
@@ -0,0 +1,28 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["github>SonarSource/renovate-config:languages-team"],
+  "configMigration": true,
+  "enabledManagers": ["github-actions", "maven"],
+  "dockerfile": {
+    "enabled": true
+  },
+  "packageRules": [
+    {
+      "matchManagers": ["github-actions"],
+      "pinDigests": false,
+      "groupName": "all github actions",
+      "groupSlug": "all-github-actions"
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["pin", "rollback"],
+      "enabled": false
+    },
+    {
+      "matchUpdateTypes": ["minor", "patch"],
+      "matchCurrentVersion": "!/^0/"
+    }
+  ],
+  "autoApprove": true,
+  "rebaseWhen": "never"
+}
diff --git a/.github/workflows/PullRequestCreated.yml b/.github/workflows/PullRequestCreated.yml
index d49cf10..d1e04ae 100644
--- a/.github/workflows/PullRequestCreated.yml
+++ b/.github/workflows/PullRequestCreated.yml
@@ -13,6 +13,7 @@ jobs:
     # For external PR, ticket should be created manually
     if: |
         github.event.pull_request.head.repo.full_name == github.repository
+        && github.event.sender.type != 'Bot'
     steps:
       - id: secrets
         uses: SonarSource/vault-action-wrapper@v3