This article explains, step by step, how to integrate with Dependabot.
Permissions for GitHub Dependabot Integration
The connection should be established by the owner of the organization. Only read access is required for all the listed scopes:
- Dependabot alerts
- Metadata
- Repository advisories
Prerequisites for GitHub Dependabot Integration
- Organization Owner in GitHub - Sign in to GitHub as the owner of the organization you wish to connect.
- To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.
Make sure you see at least one organization listed on the page.
If you've previously connected Scytale to a GitHub organization, you may need to remove the Scytale app before connecting.
How to Connect Scytale and GitHub Dependabot
1) In Scytale, go to 'Integrations'.
2) Search for GitHub Dependabot and select 'Connect'.

3) Add a connection name - this will be used to differentiate between your connections - and then select 'Next'.

4) Next, select 'Connect' to navigate to GitHub Dependabot and approve the integration.

5) You will see a list of your organizations. Choose the GitHub organization you wish to have monitored by Scytale, in line with your audit scope.
Note: If "Configure" is visible next to the organization's name, it indicates that the organization already has the Scytale GitHub App installed.
Please uninstall the app before attempting to connect.
6) On the next page, you will see the list of permissions that are requested.
Repositories selection:
- All repositories: Choose this if you want Scytale to monitor all of your repositories within a selected organization, including those created in the future.
- Only select repositories: Choose this if you want Scytale to monitor specific repositories only. Unselected repositories will not be monitored (this only applies to private repositories; public ones remain visible even if they're not selected). New repositories created in the future will not be included in the monitoring.
7) Click 'Install & Authorize'.
8) You will now be redirected back to Scytale, and you've successfully connected GitHub Dependabot!
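After connecting, you can check that the installed app holds only the read-only scopes listed above. The following is an added example, not Scytale's or GitHub's own code: it audits a response in the shape returned by GitHub's GET /orgs/{org}/installations endpoint. The mapping of the article's scope names to API permission keys is an assumption of this example, and the app slug, ids and sample response are constructed placeholders.

```python
import json

# Read-only scopes the article lists, keyed by the names GitHub's REST API uses
# in an installation's "permissions" object (mapping is an assumption here).
EXPECTED = {
    "vulnerability_alerts": "read",   # Dependabot alerts
    "metadata": "read",               # Metadata
    "repository_advisories": "read",  # Repository advisories
}

def audit_installation(inst, expected=EXPECTED):
    """Return findings for one entry of GET /orgs/{org}/installations."""
    findings = []
    granted = inst.get("permissions", {})
    for scope, level in sorted(granted.items()):
        if scope not in expected:
            findings.append(f"unexpected scope {scope}={level}")
        elif level != expected[scope]:
            findings.append(f"{scope} is {level}, expected {expected[scope]}")
    for scope in sorted(set(expected) - set(granted)):
        findings.append(f"missing scope {scope}")
    if inst.get("repository_selection") == "all":
        findings.append("note: covers all repositories, including future ones")
    return findings

def audit_response(body, app_slug):
    """Audit every installation of app_slug in a raw JSON response body."""
    data = json.loads(body)
    return {
        inst["id"]: audit_installation(inst)
        for inst in data.get("installations", [])
        if inst.get("app_slug") == app_slug
    }

# Constructed sample response (ids and app slug are placeholders, not real values).
SAMPLE = json.dumps({"total_count": 2, "installations": [
    {"id": 1001, "app_slug": "example-compliance-app", "repository_selection": "selected",
     "permissions": {"vulnerability_alerts": "read", "metadata": "read",
                     "repository_advisories": "read"}},
    {"id": 1002, "app_slug": "example-compliance-app", "repository_selection": "all",
     "permissions": {"vulnerability_alerts": "write", "metadata": "read",
                     "contents": "read"}},
]})

if __name__ == "__main__":
    for inst_id, findings in audit_response(SAMPLE, "example-compliance-app").items():
        print(inst_id, "OK" if not findings else findings)
```

An empty findings list means the installation matches the documented read-only scopes exactly.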
FAQs
- Which GitHub pull requests do we collect for auditing?
Pull requests that have been merged will be monitored, while those in any other status will not be monitored.
Troubleshooting
- If the user who is trying to connect is not an owner of the selected organization, you may encounter this error.
How to resolve this issue?
Make sure you see at least one organization listed on the page.
To confirm that you are the Organization Owner, visit the following page: https://github.com/settings/organizations.