In order to integrate with GitHub Dependabot you’ll need a Personal Access Token. The follow steps guide you through the token creation process.
- To create a Personal Access Token, make sure that you are logged in with the user that you want to create the token with (e.g. “john-doe” in the screenshot below), and client on the “Settings” link at the bottom of the drop-down.
- In the left-hand menu select “Developer settings” in the bottom section.
- Then select “Personal access tokens” on the left:
- You would normally want to create a new token for this integration. Click on “Generate new token” at the top and fill in the details in the token configuration form. The two key points to keep in mind are:
- Make sure that you enter a fairly long, custom defined Expiration date. You can select “No expiration” to ensure that the token never expires.
- In the Scopes section select “repo” and “read:org” within “admin:org”.
Make sure that you copy the token in the last step since this is the last time that it will be visible.
Create a Dependabot Integration
- On the sidebar menu, navigate to the Scanners tab in the Integrations section.
- Click on the “Add Scanner Integration” button on the right side of the page.
- In the first step, enter a name for this scanner integration and select Dependabot from the list of available integrations; then click “Next“.
On the second step you need to provide the required details for the scanner integration. In the case of Dependabot you need to provide:
- Server URL: Enter the URL for GitHub’s GraphQL API; typically “https://api.github.com/graphql”.
- Access Token: Enter the Personal Access Token obtained using the instructions at the start of this article.
5. Click on the ‘Create Scanner’ button
After the scanner integration is created the new entry appears on the Scanners list page.
From this point onwards you will be able to select this scanner integration when creating applications Components.