diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index cc40acaa..418e6db9 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -14,8 +14,6 @@ jobs:
 - name: Fetch metadata
 id: metadata
 uses: ./
- with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
 - name: Auto-merge
 run: gh pr merge --auto --merge "$PR_URL"
diff --git a/README.md b/README.md
index a8dd8112..51982b98 100644
--- a/README.md
+++ b/README.md
@@ -24,14 +24,14 @@ jobs:
 id: dependabot-metadata
 uses: dependabot/fetch-metadata@v1.2.1
 with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
 alert-lookup: true
 ```
 Supported inputs are:
-- `github-token` (REQUIRED string)
+- `github-token` (string)
 - The `GITHUB_TOKEN` secret
+ - Defaults to `${{ github.token }}`
 - `alert-lookup` (boolean)
 - If `true`, then call populate the `alert-state`, `ghsa-id` and `cvss` outputs.
 - Defaults to `false`
@@ -88,8 +88,6 @@ jobs:
 - name: Dependabot metadata
 id: dependabot-metadata
 uses: dependabot/fetch-metadata@v1.2.1
- with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
 - name: Approve a PR
 run: gh pr review --approve "$PR_URL"
 env:
@@ -118,8 +116,6 @@ jobs:
 - name: Dependabot metadata
 id: dependabot-metadata
 uses: dependabot/fetch-metadata@v1.2.1
- with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
 - name: Enable auto-merge for Dependabot PRs
 if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'rails') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
 run: gh pr merge --auto --merge "$PR_URL"
@@ -149,8 +145,6 @@ jobs:
 - name: Dependabot metadata
 id: dependabot-metadata
 uses: dependabot/fetch-metadata@v1.2.1
- with:
- github-token: "${{ secrets.GITHUB_TOKEN }}"
 - name: Add a label for all production dependencies
 if: ${{ steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }}
 run: gh pr edit "$PR_URL" --add-label "production"
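Review bot: In .github/workflows/dependabot-auto-merge.yml the `Fetch metadata` step now receives a token without any line in the step showing it, which makes it harder to audit which steps in the job hold credentials. A one-line comment above `uses: ./`, such as `# github-token is omitted: action.yml defaults it to github.token`, would keep that visible. The job's `permissions:` block and its trigger are outside this hunk, so whether the default token is scoped to the minimum this job needs cannot be confirmed from here.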
diff --git a/action.yml b/action.yml
index 87a8f0a3..105aecd4 100644
--- a/action.yml
+++ b/action.yml
@@ -9,7 +9,7 @@ inputs:
 description: 'If true, then call populate the `alert-state`, `ghsa-id` and `cvss` outputs'
 github-token:
 description: 'The GITHUB_TOKEN secret'
- required: true
+ default: ${{ github.token }}
 outputs:
 dependency-names:
 description: 'A comma-separated list of all package names updated.'
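Review bot: The `github-token` input keeps the description `'The GITHUB_TOKEN secret'` and drops `required:` entirely, so the action's metadata says neither that the input is optional nor that it silently falls back to the workflow token. I would add `required: false` and change the description to something like `description: 'Token for GitHub API calls; defaults to the workflow token (github.token)'`. Because the default token carries whatever the calling job's `permissions:` grant, it is also worth stating there which permissions the action needs; if `alert-lookup` needs access the default token lacks (not verifiable from this hunk), callers would now find out at runtime instead of from a missing-input error. The `inputs:` mapping starts outside the hunk.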