GitHub Credentials
In order to integrate with GitHub Dependabot you’ll need a Personal Access Token. The following steps guide you through the token creation process.
- To create a Personal Access Token, make sure that you are logged in as the user that should own the token, and from the home page click on your profile in the top right-hand corner.

- In the right-hand menu select “Settings”. Then navigate to “Developer settings” at the bottom of the left-hand menu.

- Then select “Personal access tokens” and choose either “Fine-grained tokens” or “Tokens (classic)”.

Fine-grained Tokens
- Click on “Generate new token” and enter a name for the token.
- Ideally, select an organisation as the owner, rather than the user. Select a suitable expiration date and set repository access to “All repositories”.

- Expand “Permissions” > “Repository permissions” and select this minimum set of read-only permissions: Dependabot alerts, Dependabot secrets and Metadata (selected automatically).

- In “Organization permissions” enable “Members” as read-only.

Click on “Generate” and make sure that you copy the token in the last step since this is the last time that it will be visible.
Classic Tokens
- You would normally want to create a new token for this integration. Click on “Generate new token (classic)” at the top and fill in the details in the token configuration form. The two key points to keep in mind are:
- Enter a fairly long, custom-defined expiration date. Selecting “No expiration” means the token never expires and has to be revoked or rotated manually.
- In the Scopes section select “repo”, and “read:org” under “admin:org”.


Make sure that you copy the token in the last step since this is the last time that it will be visible.
Create a Dependabot Integration
- On the sidebar menu, navigate to the Scanners tab in the Integrations section.

- Click on the Dependabot scanner template.

- In the first step, enter a name for this scanner integration.
- Next, provide the details the scanner integration requires. In the case of Dependabot these are:
  - Server URL: Enter the URL for GitHub’s GraphQL API; typically “https://api.github.com/graphql”.
  - Access Token: Enter the Personal Access Token obtained using the instructions at the start of this article.

- Select whether to fetch vulnerabilities from all repositories accessible to the Access Token, or choose which repositories to include or exclude. Also set the timeframe after which missing targets are deleted.
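The following script is an added example, not the page's or the scanner integration's own code. It shows what the integration configured above does on your behalf: it sends the Personal Access Token to the GraphQL Server URL from the page, lists open Dependabot alerts per repository, and applies the same all/include/exclude repository selection as the last step. It also checks a classic token's scopes against the “repo” and “read:org” requirement from the Classic Tokens section using the X-OAuth-Scopes header GitHub returns on REST calls. The GraphQL field names are the ones GitHub documents for RepositoryVulnerabilityAlert, the `GITHUB_TOKEN` environment variable is an assumption of this example, and `SAMPLE_RESPONSE` is constructed data so the script runs offline.

```python
"""Added example (not the page's or the integration's own code): query the
GitHub GraphQL endpoint for open Dependabot alerts, apply include/exclude
repository selection, and check a classic token's scopes. GITHUB_TOKEN is an
assumed environment variable; SAMPLE_RESPONSE is constructed sample data."""
import json
import os
import urllib.request

GRAPHQL_URL = "https://api.github.com/graphql"  # Server URL from the page

# Classic-token scopes named on the page. GitHub reports a classic token's
# granted scopes in the X-OAuth-Scopes header of any authenticated REST reply;
# fine-grained tokens leave that header empty, so this check is classic-only.
REQUIRED_CLASSIC_SCOPES = {"repo", "read:org"}
IMPLIED_SCOPES = {"admin:org": {"write:org", "read:org"}, "write:org": {"read:org"}}

# Open alerts on every repository the token can reach, 100 repositories per page
# (alerts capped at 100 per repository here for brevity).
ALERTS_QUERY = """
query($cursor: String) {
  viewer {
    repositories(first: 100, after: $cursor,
                 affiliations: [OWNER, ORGANIZATION_MEMBER, COLLABORATOR]) {
      pageInfo { hasNextPage endCursor }
      nodes {
        nameWithOwner
        vulnerabilityAlerts(first: 100, states: [OPEN]) {
          nodes { number securityVulnerability { severity package { name ecosystem } } }
        }
      }
    }
  }
}
"""

def alert(number, severity, name, ecosystem):  # builder for constructed sample data
    return {"number": number, "securityVulnerability": {
        "severity": severity, "package": {"name": name, "ecosystem": ecosystem}}}

SAMPLE_RESPONSE = {"data": {"viewer": {"repositories": {  # constructed, not real data
    "pageInfo": {"hasNextPage": False, "endCursor": None},
    "nodes": [
        {"nameWithOwner": "example-org/web-app", "vulnerabilityAlerts": {"nodes": [
            alert(12, "HIGH", "sample-lib", "NPM"), alert(15, "MODERATE", "other-lib", "NPM")]}},
        {"nameWithOwner": "example-org/infra", "vulnerabilityAlerts": {"nodes": [
            alert(3, "CRITICAL", "sample-parser", "PIP")]}},
        {"nameWithOwner": "example-org/docs", "vulnerabilityAlerts": {"nodes": []}},
    ]}}}}

def missing_classic_scopes(scopes_header):
    """Scopes from REQUIRED_CLASSIC_SCOPES that an X-OAuth-Scopes value lacks."""
    granted = {s.strip() for s in scopes_header.split(",") if s.strip()}
    for scope in list(granted):
        granted |= IMPLIED_SCOPES.get(scope, set())  # admin:org covers read:org
    return REQUIRED_CLASSIC_SCOPES - granted

def repository_selected(name, include=None, exclude=()):
    """Mirror the integration's choice: all repositories, an include list, or an exclude list."""
    if name in exclude:
        return False
    return include is None or name in include

def summarize_alerts(response, include=None, exclude=()):
    """Return {repo: {severity: count}} for the open alerts in one GraphQL page."""
    if response.get("errors"):  # GraphQL answers HTTP 200 even when the query failed
        raise RuntimeError(response["errors"][0].get("message", "GraphQL error"))
    summary = {}
    for repo in response["data"]["viewer"]["repositories"]["nodes"]:
        name = repo["nameWithOwner"]
        if not repository_selected(name, include, exclude):
            continue
        counts = {}
        for a in repo["vulnerabilityAlerts"]["nodes"]:
            severity = a["securityVulnerability"]["severity"]
            counts[severity] = counts.get(severity, 0) + 1
        summary[name] = counts
    return summary

def graphql_request(token, variables, url=GRAPHQL_URL):
    """POST one query with the Personal Access Token as a bearer credential."""
    body = json.dumps({"query": ALERTS_QUERY, "variables": variables}).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json",
        "User-Agent": "dependabot-alert-check"})  # GitHub rejects requests without one
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def fetch_all_alerts(token, include=None, exclude=()):
    """Follow pageInfo cursors until every reachable repository has been summarised."""
    summary, cursor = {}, None
    while True:
        page = graphql_request(token, {"cursor": cursor})
        summary.update(summarize_alerts(page, include, exclude))
        info = page["data"]["viewer"]["repositories"]["pageInfo"]
        if not info["hasNextPage"]:
            return summary
        cursor = info["endCursor"]

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # assumed env var; live call only if set
    result = fetch_all_alerts(token) if token else summarize_alerts(SAMPLE_RESPONSE)
    for repo, counts in result.items():
        print(f"{repo}: {counts or 'no open alerts'}")
```

Without `GITHUB_TOKEN` set the script summarises the constructed sample; with it set it pages through every repository the token can see, which is a quick way to confirm, before pasting the token into the integration, that it actually reaches the repositories you expect and that Dependabot alert access was granted.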
