diff --git a/docs/PIPELINES-GO.md b/docs/PIPELINES-GO.md
index fd49dbd91..d1e841645 100644
--- a/docs/PIPELINES-GO.md
+++ b/docs/PIPELINES-GO.md
@@ -1,11 +1,11 @@
 # Built-in go Pipelines
 
-Melange includes built-in pipelines to compile go projects. The first one, 
+Melange includes built-in pipelines to compile go projects. The first one,
 `go/build` gives authors more control on the compiler invocation while
 `go/install` focuses on simplicity.
 
 To get started quickly, we offer two working examples:
-[go-build.yaml](https://github.com/chainguard-dev/melange/blob/main/examples/go-build.yaml) 
+[go-build.yaml](https://github.com/chainguard-dev/melange/blob/main/examples/go-build.yaml)
 and
 [go-install.yaml](https://github.com/chainguard-dev/melange/blob/main/examples/go-install.yaml)
 
@@ -40,13 +40,13 @@ pipeline:
       version: HEAD
 ```
 
-(:bulb: Experiment with this code, 
+(:bulb: Experiment with this code,
 [download it from the examples directory](https://github.com/chainguard-dev/melange/blob/main/examples/go-install.yaml))
 
 ## Building golang projects with `go/build`
 
 The `go/build` pipeline is a declarative interface to the `go build` command.
-This pipeline executes `go build` on already installed or cloned go projects. It 
+This pipeline executes `go build` on already installed or cloned go projects. It
 can compile more than one package and the collection and installation of
 built artifacts is manual.
 
@@ -80,7 +80,7 @@ pipeline:
       output: hello
 ```
 
-(:bulb: Experiment with this code, 
+(:bulb: Experiment with this code,
 [download it from the examples directory](https://github.com/chainguard-dev/melange/blob/main/examples/go-build.yaml))
 
 ## Build Parameters
@@ -93,7 +93,7 @@ you can define the following values:
   tags:
     description: |
       A comma-separated list of build tags to pass to the go compiler
-      
+
   ldflags:
     description:
       List of [pattern=]arg to pass to the go compiler with -ldflags
@@ -103,11 +103,57 @@ you can define the following values:
       space separated list of go modules to update before building. example: github.com/foo/bar@v1.2.3
 ```
 
+## Updating dependencies with `go/bump`
+
+The `go/bump` pipeline is a declarative interface to the `GoBump`
+[package](https://github.com/chainguard-dev/gobump). GoBump is a simple
+command-line tool written in Go that allows you to update the versions
+of your Go dependencies.
+
+Here's a sample melange configuration file cloning and running the same
+sample project as above:
+
+```yaml
+package:
+  name: hello
+  version: 0.0.1
+  epoch: 0
+  description: "A project that will greet the world infinitely"
+
+environment:
+  contents:
+    keyring:
+      - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
+    repositories:
+      - https://packages.wolfi.dev/os
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://github.com/puerco/hello.git
+      expected-commit: a73c4feb284dc6ed1e5758740f717f99dcd4c9d7
+      tag: v${{package.version}}
+
+  - uses: go/bump
+    with:
+      deps: github.com/sirupsen/logrus@v1.9.3
+
+  - uses: go/build
+    with:
+      tags: enterprise
+      packages: .
+      output: hello
+```
+
+(:bulb: Experiment with this code,
+[download it from the examples directory](https://github.com/chainguard-dev/melange/blob/main/examples/go-bump.yaml))
+
 For the most up to date supported features check the
-[build](https://github.com/chainguard-dev/melange/blob/main/pkg/build/pipelines/go/build.yaml)
+[build](https://github.com/chainguard-dev/melange/blob/main/pkg/build/pipelines/go/build.yaml),
+[install](https://github.com/chainguard-dev/melange/blob/main/pkg/build/pipelines/go/install.yaml),
 and
-[install](https://github.com/chainguard-dev/melange/blob/main/pkg/build/pipelines/go/install.yaml)
+[bump](https://github.com/chainguard-dev/melange/blob/main/pkg/build/pipelines/go/bump.yaml),
 pipeline definitions. Feel free to request more features in
 the built-in pipelines by
-[filing a new issue](https://github.com/chainguard-dev/melange/issues/new) in 
+[filing a new issue](https://github.com/chainguard-dev/melange/issues/new) in
 the melange repository!
diff --git a/examples/go-bump.yaml b/examples/go-bump.yaml
new file mode 100644
index 000000000..f2eab1d47
--- /dev/null
+++ b/examples/go-bump.yaml
@@ -0,0 +1,40 @@
+# SPDX-FileCopyrightText: 2022 Chainguard, Inc
+# SPDX-License-Identifier: Apache-2.0
+#
+# This is a sample configuration file to demonstrate how to build a software
+# project using melange's built-in go/build pipeline.
+#
+# For more information about melange's built-in golang support check out:
+# https://github.com/chainguard-dev/melange/blob/main/docs/PIPELINES-GO.md
+#
+# For an equivalent pipeline that uses go/install to build the same project
+# please see go-install.yaml in this directory.
+package:
+  name: hello
+  version: 0.0.1
+  epoch: 0
+  description: "A project that will greet the world infinitely"
+
+environment:
+  contents:
+    keyring:
+      - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
+    repositories:
+      - https://packages.wolfi.dev/os
+
+pipeline:
+  - uses: git-checkout
+    with:
+      repository: https://github.com/puerco/hello.git
+      expected-commit: a73c4feb284dc6ed1e5758740f717f99dcd4c9d7
+      tag: v${{package.version}}
+
+  - uses: go/bump
+    with:
+      deps: github.com/sirupsen/logrus@v1.9.3
+
+  - uses: go/build
+    with:
+      tags: enterprise
+      packages: .
+      output: hello
diff --git a/pkg/build/pipelines/go/bump.yaml b/pkg/build/pipelines/go/bump.yaml
new file mode 100644
index 000000000..05211719a
--- /dev/null
+++ b/pkg/build/pipelines/go/bump.yaml
@@ -0,0 +1,35 @@
+name: Bump go deps to a certain version
+
+needs:
+  packages:
+    - git
+    - gobump
+
+inputs:
+  deps:
+    description: The deps to bump, space separated
+    required: true
+  modroot:
+    description: The root of the module
+    default: .
+  go-version:
+    description: "The go version to set the go.mod syntax to"
+    default: ""
+  replaces:
+    description: "The replaces to add to the go.mod file"
+  tidy:
+    default: true
+    description: Run go mod tidy command before and after the bump
+  show-diff:
+    default: false
+    description: Show the difference between the go.mod file before and after the bump
+  tidy-compat:
+    description: "Set the go version for which the tidied go.mod and go.sum files should be compatible"
+    default: ""
+
+pipeline:
+  - runs: |
+      cd "${{inputs.modroot}}"
+
+      # We use the --tidy flag to run go mod tidy before and after in some cases (if old versions of go are used, we need to update the go.mod format)
+      gobump --packages "${{inputs.deps}}" --replaces "${{inputs.replaces}}" --tidy=${{inputs.tidy}} --show-diff=${{inputs.show-diff}} --go-version=${{inputs.go-version}} --compat=${{inputs.tidy-compat}}