diff --git a/renovate.json5 b/renovate.json5
new file mode 100644
index 000000000..a5866f3ed
--- /dev/null
+++ b/renovate.json5
@@ -0,0 +1,42 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base"
+  ],
+  "baseBranches": ["main", "release-1.20"],
+  "postUpdateOptions": [
+    "gomodTidy",
+    "gomodUpdateImportPaths"
+  ],
+  "schedule": ["before 9am on Monday"],
+  "packageRules": [
+    {
+      "matchBaseBranches": ["release-1.20"],
+      "packagePatterns": ["*"],
+      "enabled": false
+    },
+    // Pin Go at the current version, since we want to upgrade it manually.
+    // Remember to keep this in sync when upgrading our Go version!
+    {
+      "matchDatasources": ["docker", "golang-version"],
+      "matchPackageNames": ["go", "golang"],
+      "allowedVersions": "<=1.22.5"
+    },
+    {
+      "matchManagers": ["gomod"],
+      "matchPaths": ["**/go.mod"],
+      "schedule": ["every month"]
+    },
+    {
+      "matchManagers": ["github-runners"],
+      "schedule": ["every month"],
+      "packagePatterns": ["*"]
+    }
+  ],
+  "branchPrefix": "deps-update/",
+  "vulnerabilityAlerts": {
+    "enabled": true,
+    "labels": ["security-update"]
+  },
+  "osvVulnerabilityAlerts": true
+}