diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
index 0fcea429..55498f60 100644
--- a/.github/workflows/cla.yml
+++ b/.github/workflows/cla.yml
@@ -27,4 +27,6 @@ jobs:
 branch: main
 path-to-signatures: signatures/version1/cla.json
 path-to-document: https://github.com/splunk/cla-agreement/blob/main/CLA.md
- allowlist: dependabot[bot]
+ allowlist:
+ - dependabot[bot]
+ - renovate[bot]
diff --git a/SECURITY.md b/SECURITY.md
index 4ce7f1ea..d6ad2d79 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -10,8 +10,8 @@ https://www.splunk.com/en_us/product-security/report.html).
 This project relies on a variety of external dependencies. These dependencies are monitored by
-[Dependabot](https://docs.github.com/en/code-security/supply-chain-security/configuring-dependabot-security-updates).
-Dependencies are [checked
+[Renovate](https://github.com/apps/renovate).
+Renovate checks for Dependencies are [checked
 daily](https://github.com/signalfx/splunk-otel-java/blob/main/.github/dependabot.yml) and associated pull requests are opened automatically. Upgrading to the [latest release](https://github.com/signalfx/splunk-otel-android/releases)
diff --git a/buildSrc/src/main/kotlin/splunk.android-library-conventions.gradle.kts b/buildSrc/src/main/kotlin/splunk.android-library-conventions.gradle.kts
index a5e89a8d..a2f454eb 100644
--- a/buildSrc/src/main/kotlin/splunk.android-library-conventions.gradle.kts
+++ b/buildSrc/src/main/kotlin/splunk.android-library-conventions.gradle.kts
@@ -10,7 +10,7 @@ plugins {
 android.lint {
 warningsAsErrors = true
 // A newer version of androidx.appcompat:appcompat than 1.3.1 is available: 1.4.1 [GradleDependency]
- // we rely on dependabot for dependency updates
+ // we rely on renovate for dependency updates
 disable.add("GradleDependency")
 }
diff --git a/renovate.json5 b/renovate.json5
new file mode 100644
index 00000000..0193b347
--- /dev/null
+++ b/renovate.json5
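Review bot: The new `allowlist:` is a YAML sequence, but GitHub Actions only accepts scalar strings for `with:` inputs, and the CLA action these inputs belong to (the `path-to-signatures`/`path-to-document`/`allowlist` names look like contributor-assistant/github-action) documents `allowlist` as a comma-separated string — so this is likely to fail workflow validation, or at best be coerced into a value the action never splits, leaving the CLA gate either broken on every PR or not exempting either bot. Keep the documented form on one line: `allowlist: dependabot[bot],renovate[bot]`. It is also worth confirming that `renovate[bot]` is the login the Renovate installation actually commits under (a self-hosted Renovate runs as whatever account it was given), since the exemption is matched on that login and a mismatch would make the CLA check block every Renovate PR. The `jobs:` block this hunk sits in starts outside the hunk.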
@@ -0,0 +1,40 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:base"
+ ],
+ "packageRules": [
+ {
+ "matchPackageNames": [
+ "io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha",
+ "io.opentelemetry.instrumentation:opentelemetry-instrumentation-api-semconv",
+ "io.opentelemetry.instrumentation:opentelemetry-okhttp-3.0"
+ ],
+ // Renovate's default behavior is only to update from unstable -> unstable if it's for the
+ // major.minor.patch, under the assumption that you would want to update to the stable version
+ // of that release instead of the unstable version for a future release (but there's never any
+ // stable version of opentelemetry-instrumentation-bom-alpha so this logic doesn't apply
+ "ignoreUnstable": false
+ },
+ {
+ // navigation-fragment 2.7.0 and above require android api 34+, which we are not ready for
+ // yet due to android gradle plugin only supporting min 33.
+ "matchPackagePrefixes": ["androidx.navigation"],
+ "matchUpdateTypes": ["major", "minor"],
+ "enabled": false
+ },
+ {
+ // navigation-fragment 2.7.0 and above require android api 34+, which we are not ready for
+ // yet due to android gradle plugin only supporting min 33.
+ "matchPackageNames": ["androidx.browser:browser"],
+ "matchUpdateTypes": ["major", "minor"],
+ "enabled": false
+ },
+ {
+ // somehow renovate gets confused by the android property in gradle.properties,
+ // so let's just exclude it and hopefully clean up the dashboard
+ "matchPackageNames": ["string:rum.version"],
+ "enabled": false
+ }
+ ]
+}
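Review bot: Nothing in this config connects Renovate to vulnerability data, so moving off Dependabot (whose security-update PRs the old SECURITY.md wording relied on) quietly removes the security-fix path unless Renovate's default `vulnerabilityAlerts` handling can read the repo's GitHub Dependabot alerts — which depends on the app's permissions and on those alerts staying enabled once `dependabot.yml` is gone, neither of which is visible here. Add `"osvVulnerabilityAlerts": true,` alongside `"extends"` so OSV-listed CVEs in the Gradle dependencies get prioritized PRs regardless of GitHub alert access, and consider `"vulnerabilityAlerts": { "labels": ["security"] }` so those PRs are triaged apart from routine bumps. `config:base` has been superseded by `config:recommended` in recent Renovate releases (confirm against the version the installed app runs), so `"extends": ["config:recommended"]` avoids the deprecation notice in the dashboard. Finally, the two comment lines above the `androidx.browser:browser` rule are a copy of the navigation-fragment justification and should state the actual reason that package is held back, since a rule that disables major and minor updates for a dependency needs an accurate reason or it will never be revisited.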