In this article, you will understand step by step how to easily integrate with Dependabot
Permissions
The connection should be established by the owner of the organization. Only read access is required for all the listed scopes:
- Dependabot alerts
- Metadata
- Repository advisories
Prerequisites
- Organization Owner in Github - Sign in to your Github Dependabot as the owner of the organization you wish to connect with.
- To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.
Make sure you see at least one organization listed on the page.
- To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.
-
If you've previously connected Scytale to GitHub organization, you may need to remove the Scytale app before connecting.
Connecting Scytale & Github Dependabot
1. In Scytale menu, navigate to the "integrations" page
2. Click on Connect Github Dependabot
3. Add a name for the connection
4. Click Next
5. Click on Connect
6. Upon clicking connect, a new tab will open, guiding you to sign in to GitHub. The connection process in Scytale will remain open, as you come back to complete the connection
7. You will see a list of your organizations. Choose the GitHub organization you wish to have monitored by Scytale, aligning with the audit scope
Note: If "Configure" is visible next to the organization's name, it indicates that the organization already has the Scytale GitHub App installed.
Please uninstall the app before attempting to connect.
-png.png?width=400&height=288&name=Untitled%20(10)-png.png)
7. On the next page, you will see the list of permissions which are requested
8. Repositories selection:
- All repositories: Choose this if you want Scytale to monitor all of your repositories within a selected organization, including those created in the future.
- Only select repositories: Choose this if you want Scytale to monitor specific repositories only. Unselected repositories will not be monitored (this only applies to private repositories; public ones remain visible even if they're not selected). New repositories created in the future will not be included in the monitoring.
-png.png?width=400&height=568&name=Untitled%20(11)-png.png)
9. Click Install & Authorize
10. After clicking Install & Authorize, you will be redirected back to Scytale and you've successful connected Github Dependabot ✅
FAQs
- Which Github pull requests do we collect for auditing?
Pull requests that have been merged will be monitored, while those in any other status will not be monitored.
Troubleshooting
- If the user who is trying to connect is not an owner of the selected organization, you may encounter this error.
-png.png?width=400&height=120&name=Untitled%20(12)-png.png)
How to resolve this issue?
Make sure you see at least one organization listed on th
To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.