Github Dependabot - User Guide

This article walks you step by step through integrating Dependabot with Scytale.

Once connected, the integration provides a list of scanned repositories, the number of alerts in each repository, and a categorized list of Critical and High severity alerts.

How to connect to Dependabot?

Step 1: Log in to the Scytale platform

  • Click on "Integrations" in the menu.
  • Click on the "Connect" button under the Github Dependabot icon.
  • Connection Name - used to differentiate between your connections, for instance when you manage multiple accounts or connect to the same integration more than once. It is titled automatically (Connection 1, 2, 3, etc.); you can change it to a custom name that is easier to identify, for example: scytale-production-env.
  • Click on "Next".

  • Click on "Connect". You will be directed to Github to approve the authorization for Scytale.


Step 2: Authorize integration

  • Review the permissions for the integration.
  • Install & Authorize on your organization - select "All repositories".
    💡 The option "Only select repositories" is not supported.
  • Click on "Install & Authorize".

  • Once confirmed, you will be redirected to the Scytale app and the integration with Dependabot is complete.

Permissions

Scytale collects evidence automatically for auditing purposes using the permissions you have granted. The integration requires the following read-only permissions:

  • repo:metadata:read

  • repo:dependabot_alerts:read
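As an added illustration (not part of this guide and not Scytale's code), the following script shows the kind of data those two read permissions expose and how it is reduced to the summary described at the top of this article: open alerts per repository, plus the Critical and High ones. It runs offline on a constructed sample shaped like the response of the GitHub REST endpoint GET /orgs/{org}/dependabot/alerts; the organization name example-org, the package names and the token placeholder are assumptions, and the live fetch function is included only for reference and assumes the token carries the Dependabot alerts read permission.

```python
import json
from collections import Counter
from urllib.request import Request, urlopen

# Constructed sample: a minimal subset of the fields the GitHub REST API returns
# from GET /orgs/{org}/dependabot/alerts. Repository and package names are made up.
SAMPLE_ALERTS_JSON = """
[
  {"number": 1, "state": "open",
   "repository": {"full_name": "example-org/api"},
   "dependency": {"package": {"ecosystem": "pip", "name": "examplelib"}},
   "security_advisory": {"severity": "critical", "summary": "constructed advisory A"}},
  {"number": 2, "state": "open",
   "repository": {"full_name": "example-org/api"},
   "dependency": {"package": {"ecosystem": "npm", "name": "example-parser"}},
   "security_advisory": {"severity": "high", "summary": "constructed advisory B"}},
  {"number": 3, "state": "open",
   "repository": {"full_name": "example-org/api"},
   "dependency": {"package": {"ecosystem": "npm", "name": "example-logger"}},
   "security_advisory": {"severity": "medium", "summary": "constructed advisory C"}},
  {"number": 4, "state": "fixed",
   "repository": {"full_name": "example-org/web"},
   "dependency": {"package": {"ecosystem": "npm", "name": "example-template"}},
   "security_advisory": {"severity": "high", "summary": "constructed advisory D"}},
  {"number": 5, "state": "open",
   "repository": {"full_name": "example-org/web"},
   "dependency": {"package": {"ecosystem": "npm", "name": "example-router"}},
   "security_advisory": {"severity": "high", "summary": "constructed advisory E"}},
  {"number": 6, "state": "dismissed",
   "repository": {"full_name": "example-org/web"},
   "dependency": {"package": {"ecosystem": "pip", "name": "example-crypto"}},
   "security_advisory": {"severity": "critical", "summary": "constructed advisory F"}},
  {"number": 7, "state": "open",
   "repository": {"full_name": "example-org/web"},
   "dependency": {"package": {"ecosystem": "pip", "name": "example-yaml"}},
   "security_advisory": {"severity": "low", "summary": "constructed advisory G"}}
]
"""
SAMPLE_ALERTS = json.loads(SAMPLE_ALERTS_JSON)


def summarize_alerts(alerts):
    """Reduce raw alerts to (open alerts per repository, open Critical/High alerts).

    Only alerts in state "open" count as outstanding risk; "fixed" and "dismissed"
    alerts are skipped so the per-repository numbers match what still needs action.
    """
    per_repo = Counter()
    critical_high = []
    for alert in alerts:
        if alert.get("state") != "open":
            continue
        repo = alert["repository"]["full_name"]
        per_repo[repo] += 1
        severity = alert["security_advisory"]["severity"].lower()
        if severity in ("critical", "high"):
            critical_high.append({
                "repository": repo,
                "package": alert["dependency"]["package"]["name"],
                "severity": severity,
                "alert_number": alert["number"],
            })
    # Critical first, then by repository and alert number for a stable report.
    critical_high.sort(key=lambda a: (a["severity"] != "critical",
                                      a["repository"], a["alert_number"]))
    return per_repo, critical_high


def fetch_org_alerts(org, token, state="open"):
    """Live fetch for reference only (not exercised by the sample).

    The token must have the Dependabot alerts read permission. A full client
    would also follow the Link header to collect further pages.
    """
    url = f"https://api.github.com/orgs/{org}/dependabot/alerts?state={state}&per_page=100"
    req = Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })
    with urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    per_repo, critical_high = summarize_alerts(SAMPLE_ALERTS)
    print("Open alerts per repository:")
    for repo, count in sorted(per_repo.items()):
        print(f"  {repo}: {count}")
    print("Critical and High severity alerts:")
    for a in critical_high:
        print(f"  [{a['severity']}] {a['repository']} #{a['alert_number']} ({a['package']})")
```

The state filter is the point worth keeping in mind when reading any alert count: GitHub keeps fixed and dismissed alerts in the listing, so a summary that does not filter on state overstates the open risk.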