Vulnerability Scanning
      Back to home
      1. Help Center
      2. Integrations
      3. Vulnerability Scanning

      Github Dependabot - User Guide

      In this article, you will understand step by step how to easily integrate with Dependabot

      Permissions for Github Dependabot Integration 

      The connection should be established by the owner of the organization. Only read access is required for all the listed scopes:

      • Dependabot alerts
      • Metadata
      • Repository advisories

      Prerequisites for Github Dependabot Integration 

      1. Organization Owner in Github - Sign in to your Github Dependabot as the owner of the organization you wish to connect with.
        1. To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.
          Make sure you see at least one organization listed on the page.
      2. If you've previously connected Scytale to GitHub organization, you may need to remove the Scytale app before connecting.

      How to Connect Scytale and Github Dependabot

      1) In Scytale, go to 'Integrations'.

       2) Search for Github Dependabot and select 'Connect'.
      3) Add a connection name - this will be used to differentiate between your connections - and then select 'Next'.
      4) Next, select 'Connect' to navigate to Github Dependabot in order to approve the integration.
       5)  You will see a list of your organizations. Choose the GitHub organization you wish to have monitored by Scytale, aligning with the audit scope

      Note: If "Configure" is visible next to the organization's name, it indicates that the organization already has the Scytale GitHub App installed.
      Please uninstall the app before attempting to connect.



      6) On the next page, you will see the list of permissions which are requested

      Repositories selection:

      1. All repositories: Choose this if you want Scytale to monitor all of your repositories within a selected organization, including those created in the future.
      2. Only select repositories: Choose this if you want Scytale to monitor specific repositories only. Unselected repositories will not be monitored (this only applies to private repositories; public ones remain visible even if they're not selected). New repositories created in the future will not be included in the monitoring.

      7) Click Install & Authorize

      8) You will be now redirected back to Scytale and you've successful connected Github Dependabot!

      FAQs

      1. Which Github pull requests do we collect for auditing?
        Pull requests that have been merged will be monitored, while those in any other status will not be monitored.

      Troubleshooting

      1. If the user who is trying to connect is not an owner of the selected organization, you may encounter this error.

        How to resolve this issue?

        To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.

        Make sure you see at least one organization listed on th