diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 2fc0a42c168..ea5e8584b33 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,3 +9,13 @@ updates:
       - automation
     reviewers:
       - "elastic/ecosystem"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"
+    open-pull-requests-limit: 2
+    labels:
+      - automation
+    reviewers:
+      - "elastic/ecosystem"
diff --git a/.github/workflows/bump-elastic-stack-version.yml b/.github/workflows/bump-elastic-stack-version.yml
new file mode 100644
index 00000000000..55f091801e5
--- /dev/null
+++ b/.github/workflows/bump-elastic-stack-version.yml
@@ -0,0 +1,50 @@
+---
+name: Update versions of Elastic Stack dependencies
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 1 * * 1-5'
+  pull_request:
+    paths:
+      - .github/updatecli.d/*
+      - .github/workflows/bump-elastic-stack-version.yml
+
+permissions:
+  contents: read
+
+jobs:
+  bump-elastic-stack:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    strategy:
+      fail-fast: false
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Updatecli in the runner
+        uses: updatecli/updatecli-action@v2.62.0 # updatecli v0.80.0
+
+      - name: Select diff action
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          echo "UPDATECLI_ACTION=diff" >> $GITHUB_ENV
+
+      - name: Select apply action
+        if: ${{ github.event_name != 'pull_request' }}
+        run: |
+          echo "UPDATECLI_ACTION=apply" >> $GITHUB_ENV
+
+      - name: Update latest testing 7.x stack version
+        # --experimental needed for commitusingapi option.
+        run: updatecli --experimental ${{ env.UPDATECLI_ACTION }} --config .github/workflows/updatecli.d/bump-latest-7x-version.yml --values .github/workflows/updatecli.d/scm.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Update latest testing stack version
+        # --experimental needed for commitusingapi option.
+        run: updatecli --experimental ${{ env.UPDATECLI_ACTION }} --config .github/workflows/updatecli.d/bump-latest-snapshot-version.yml --values .github/workflows/updatecli.d/scm.yml
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/updatecli.d/bump-latest-7x-version.yml b/.github/workflows/updatecli.d/bump-latest-7x-version.yml
new file mode 100644
index 00000000000..697b7d75b98
--- /dev/null
+++ b/.github/workflows/updatecli.d/bump-latest-7x-version.yml
@@ -0,0 +1,43 @@
+---
+name: Bump 7.x test version
+pipelineid: 'bump-elastic-stack-7x-version'
+
+actions:
+  default:
+    title: '[updatecli] Update 7.x snapshot to {{ source "latest7xSnapshot" }}'
+    kind: github/pullrequest
+    scmid: default
+    spec:
+      labels:
+        - automation
+        - dependency
+
+scms:
+  default:
+    kind: github
+    spec:
+      owner: '{{ .scm.owner }}'
+      repository: '{{ .scm.repository }}'
+      user: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      commitusingapi: true
+      branch: main
+
+sources:
+  latest7xSnapshot:
+    name: Get latest 7.x snapshot
+    kind: json
+    spec:
+      file: https://storage.googleapis.com/artifacts-api/snapshots/7.17.json
+      key: .version
+
+targets:
+  update-7x-version:
+    name: '[updatecli] Update 7.x snapshot to {{ source "latest7xSnapshot" }}'
+    kind: file
+    sourceid: latest7xSnapshot
+    scmid: default
+    spec:
+      file: '.buildkite/pipeline.schedule-daily.yml'
+      matchpattern: '(STACK_VERSION:) 7\.[^\s]*\.[^\s]*'
+      replacepattern: '$1 {{ source "latest7xSnapshot" }}'
diff --git a/.github/workflows/updatecli.d/bump-latest-snapshot-version.yml b/.github/workflows/updatecli.d/bump-latest-snapshot-version.yml
new file mode 100644
index 00000000000..65267d2403c
--- /dev/null
+++ b/.github/workflows/updatecli.d/bump-latest-snapshot-version.yml
@@ -0,0 +1,43 @@
+---
+name: Bump latest elastic-stack test version
+pipelineid: 'bump-latest-elastic-stack-version'
+
+actions:
+  default:
+    title: '[updatecli] Update latest snapshot to {{ source "latestSnapshot" }}'
+    kind: github/pullrequest
+    scmid: default
+    spec:
+      labels:
+        - automation
+        - dependency
+
+scms:
+  default:
+    kind: github
+    spec:
+      owner: '{{ .scm.owner }}'
+      repository: '{{ .scm.repository }}'
+      user: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      token: '{{ requiredEnv "GITHUB_TOKEN" }}'
+      commitusingapi: true
+      branch: main
+
+sources:
+  latestSnapshot:
+    name: Get latest snapshot
+    kind: json
+    spec:
+      file: https://storage.googleapis.com/artifacts-api/snapshots/main.json
+      key: .version
+
+targets:
+  update-snapshot:
+    name: '[updatecli] Update latest snapshot to {{ source "latestSnapshot" }}'
+    kind: file
+    sourceid: latestSnapshot
+    scmid: default
+    spec:
+      file: '.buildkite/pipeline.schedule-daily.yml'
+      matchpattern: '(STACK_VERSION:) 8\.[^\s]*\.[^\s]*'
+      replacepattern: '$1 {{ source "latestSnapshot" }}'
diff --git a/.github/workflows/updatecli.d/scm.yml b/.github/workflows/updatecli.d/scm.yml
new file mode 100644
index 00000000000..bc45e5d5dac
--- /dev/null
+++ b/.github/workflows/updatecli.d/scm.yml
@@ -0,0 +1,4 @@
+---
+scm:
+  owner: elastic
+  repository: integrations