Login
    Contents x
    Github Dependabot
    • 18 Mar 2025
    • 3 Minutes to read
    • Print
    • Dark
      Light
    Contents

    Github Dependabot

    • Updated on 18 Mar 2025
    • 3 Minutes to read
    • Print
    • Dark
      Light
    Article summary

    Dependabot alerts tell you when your code packages are insecure. GitHub sends Dependabot alerts when it detects that your repository uses a vulnerable dependency. For more information, refer to official documentation.

    Integration Method: API

    Tables: Vulnerability Finding (2002)

    This integration supports the following events.

    Event

    Description

    Alerts

    Lists Dependabot alerts for repositories that are owned by the specified enterprise.

    This integration supports the following versions.

    GitHub REST API

    V2022-11-28

    Note:

    GitHub is a cloud-based platform and gets continuously updated. As of this document preparation, the latest version is v3.16.

    Prerequisites

    • The user should have a Fine-grained access token for Dependabot alerts.

    • The user should have access to the DataBee console.

    Configuration Overview

    1. Generate Fine-grained access token with the required scope.

    2. Add the Github Dependabot data feed in the DataBee console with the below parameters.

      DataBee Parameter

      GitHub Parameter

      Token

      Fine-grained Access Token

      Organization Name

      Organization Name

    Github Configuration

    Create a Fine-grained access token

    1. Login to your GitHub account.

    2. In the upper-right corner of any page on GitHub, click your profile photo

    3. Click on Settings.


    4. In the left sidebar, click Developer settings.
       

    5. In the left sidebar, under Personal access tokens, click Fine-grained tokens.
       

    6. Click Generate new token.
       

    7. Fill in the form details as mentioned below.
      a. Under Token name, enter a name for the token.
      b. Under Expiration, select an expiration for the token.
      c. Optionally, under Description, add a note to describe the purpose of the token.
      d. Under Resource owner, select a resource owner. The token will only be able to access resources owned by the selected resource owner. Organizations that you are a member of will not appear unless the organization opted in to fine-grained personal access tokens. For more information, see "Setting a personal access token policy for your organization."
      e. Optionally, if the resource owner is in an organization that requires approval for fine-grained personal access tokens, below the resource owner, in the box, enter a justification for the request.
       

      Note:

      Ensure that the token expiration is set to a larger number of days.


      f. Under Repository access, select which repositories you want the token to access. You should choose the minimal repository access that meets your needs. Tokens always include read-only access to all public repositories on GitHub. If you selected Only select repositories, under the Selected repositories dropdown, select the repositories that you want the token to access.
       
      g. Under Repository permissions, select which permissions to grant the token. Depending on which resource owner and which repository access you specified, there are repository, organization, and account permissions. You should choose the minimal permissions necessary for your needs.
       
      h. Ensure the Dependabot alerts permission is enabled as read-only or above.
       

    8. Click Generate token.
       

    9. Copy the generated API token for later use.
       

    Get the Organization Name

    1. In the upper-right corner of any page on GitHub, click your profile photo, then click Your Organizations.
       

    2. Copy the Organization name for which you created the Fine-grained access token.
       

    DataBee Configuration

    1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
       

    2. Search for the Github Dependabot and click it as shown below.
       

    3. Click on the API Ingest option for collection method.
       

    4. Enter feed contact information and click Next.
       

    5. In the configuration page, confirm the following:

      • API Base URL: this is the base URL that DataBee will interact with.

      • Authorization Method: Bearer Token

      • Token: paste Fine-grained Access Token

      • Event Types: preselected for all the event types that integration pulls.

      • Organization Name: paste Organization Name.


    6. Click Submit.

    Troubleshooting Tips

    • If you are facing an invalid or expired token error this might be possibly due to incorrect or expired Fine-grained Access token. Ensure the token pasted is not expired.

    • If you selected an organization as the resource owner and the organization requires approval for fine-grained personal access tokens, then your token will be marked as pending until it is reviewed by an organization administrator. Your token will only be able to read public resources until it is approved. If you are an owner of the organization, your request is automatically approved. For more information, see "Reviewing and revoking personal access tokens in your organization."

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence