Copy page

GitHub

GitHub Dependabot Alerts

Retrieves Dependabot vulnerability alerts from GitHub repositories, organizations, or enterprises.

Sync Type: Incremental

Requirements

Before configuring this input, you need to:

1. Create a Personal Access Token (PAT) — GitHub docs.

   • Go to your GitHub settings
   • Navigate to Developer settings > Personal access tokens > Tokens (classic)
   • Click "Generate new token (classic)"
   • Select the security_events scope
   • Copy and securely store the generated token

2. Required Permissions:

   • The PAT must have the security_events scope to access Dependabot alerts
   • For enterprise scope: You must be an enterprise admin
   • For organization scope: You must have admin access to the organization
   • For repository scope: You must have admin access to the repository

3. GitHub Version:

   • This input uses GitHub API v2026-03-10
   • Minimum GitHub Enterprise Server version: GHES 3.5+

Configuration

Settings

Setting	Type	Required	Description
source	string	Yes	Scope for fetching alerts: enterprise, organization, or repository
enterprise	string	Conditional*	Enterprise slug (required when source=enterprise)
organization	string	Conditional*	Organization name (required when source=organization)
owner	string	Conditional*	Repository owner login (required when source=repository)
repository	string	Conditional*	Repository name (required when source=repository)
state	array	No	Filter alerts by state: open, fixed, dismissed, auto_dismissed
severity	array	No	Filter alerts by severity: low, medium, high, critical
backfill_start_time	string	No	Date to start fetching data from in RFC3339 format. If not specified, no past records will be fetched.
use_synthetic_data	boolean	No	Generate synthetic demo data instead of connecting to the real data source

*Conditional: Required based on the selected source

Secrets

Secret	Type	Required	Description
personal_access_token	string	Yes	GitHub Personal Access Token with security_events scope

Filtering Behavior

When using state or severity filters:

• Multiple values in the same filter are combined with OR logic (e.g., state: ["open", "fixed"] returns open OR fixed alerts)
• If you filter by a state or severity that has no matching alerts, no records are sent for that batch

Alert States and Severity Levels

Alert States

• open — The alert is currently active and unresolved
• fixed — The vulnerability has been fixed (typically by updating the dependency)
• dismissed — The alert was manually dismissed by a user
• auto_dismissed — The alert was automatically dismissed (e.g., dependency removed or updated)

Severity Levels

• low — Minor vulnerabilities with limited impact
• medium — Moderate vulnerabilities requiring attention
• high — Serious vulnerabilities that should be prioritized
• critical — Critical vulnerabilities requiring immediate action

Common Configuration Scenarios

Monitor All Alerts in an Organization

Code
source: "organization"
organization: "my-org"
# No filters — fetches all alerts (open, fixed, dismissed)

Track Only High-Risk Vulnerabilities

Code
source: "organization"
organization: "my-org"
state: ["open"]
severity: ["high", "critical"]

Repository-Specific Monitoring

Code
source: "repository"
owner: "my-org"
repository: "critical-service"
state: ["open"]
# Monitors only open vulnerabilities in this specific repository

Enterprise-Wide Coverage

Code
source: "enterprise"
enterprise: "my-enterprise-slug"
severity: ["critical"]
# Monitors all critical vulnerabilities across the entire enterprise

Troubleshooting

Rate Limit Errors

Error: "rate limited by GitHub API: retry after X seconds"

Solution:

• The input automatically handles rate limiting by respecting GitHub's retry-after headers
• If you're hitting limits, consider:
  • Using more specific filters (e.g., filter by severity or state)
  • Running syncs at off-peak hours
  • Checking if other integrations are using the same token

Authentication Errors

Error: "invalid credentials - please verify your personal access token"

Solution:

• Verify the PAT hasn't expired
• Ensure the PAT has the security_events scope
• Confirm the PAT is valid and properly formatted

Error: "insufficient permissions - token requires security_events scope"

Solution:

• Regenerate the PAT with the security_events scope enabled
• Verify the token has appropriate access to the selected enterprise, organization, or repository

No Data Retrieved

Error: No alerts are synced despite configuration appearing correct

Solutions:

• Verify the enterprise slug, organization name, owner, or repository name is correct
• Check if there are actually alerts in the selected scope
• Confirm you have appropriate permissions (admin access required)
• If using filters, verify the filter criteria match existing alerts
• Check if alerts are outside your backfill_start_time window

Connection Test Failures

Error: "not found - verify your [scope] name and access permissions"

Solution:

• For enterprise: Verify you are an enterprise admin and the slug is correct
• For organization: Verify the organization exists and you have admin access
• For repository: Verify the owner/repo combination is correct and you have admin access
• Ensure your PAT grants access to the specified resource

Related Articles

• GitHub Dependabot Documentation
• GitHub REST API Rate Limits
• GitHub Personal Access Tokens
• Dependabot Alerts API Reference

Sample Record

Code
{
  "number": 42,
  "state": "open",
  "url": "https://api.github.com/repos/example-org/example-repo/dependabot/alerts/42",
  "html_url": "https://github.com/example-org/example-repo/security/dependabot/42",
  "created_at": "2026-04-15T10:30:00Z",
  "updated_at": "2026-04-30T14:45:22Z",
  "dismissed_at": null,
  "dismissed_by": null,
  "dismissed_reason": null,
  "dismissed_comment": null,
  "fixed_at": null,
  "auto_dismissed_at": null,
  "dependency": {
    "package": {
      "ecosystem": "npm",
      "name": "lodash"
    },
    "manifest_path": "package.json",
    "scope": "runtime"
  },
  "security_advisory": {
    "ghsa_id": "GHSA-35jh-r3h4-6jhm",
    "cve_id": "CVE-2021-23337",
    "summary": "Prototype Pollution in lodash",
    "description": "Versions of lodash before 4.7.11 are vulnerable to Prototype Pollution, allowing attackers to modify the prototype chain and execute arbitrary code.",
    "severity": "high",
    "cvss": {
      "score": 6.1,
      "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
    },
    "cwes": [
      {
        "cwe_id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes and Methods"
      }
    ],
    "identifiers": [
      {
        "value": "CVE-2021-23337",
        "type": "CVE"
      },
      {
        "value": "GHSA-35jh-r3h4-6jhm",
        "type": "GHSA"
      }
    ],
    "references": [
      {
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337"
      }
    ],
    "published_at": "2021-02-14T17:22:00Z",
    "updated_at": "2023-07-10T12:45:00Z",
    "withdrawn_at": null,
    "vulnerabilities": [
      {
        "package": {
          "ecosystem": "npm",
          "name": "lodash"
        },
        "severity": "high",
        "vulnerable_version_range": "< 4.7.11",
        "first_patched_version": {
          "identifier": "4.7.11"
        }
      }
    ]
  },
  "security_vulnerability": {
    "package": {
      "ecosystem": "npm",
      "name": "lodash"
    },
    "severity": "high",
    "vulnerable_version_range": "< 4.7.11",
    "first_patched_version": {
      "identifier": "4.7.11"
    }
  },
  "repository": {
    "id": 123456789,
    "name": "example-repo",
    "full_name": "example-org/example-repo",
    "private": true,
    "html_url": "https://github.com/example-org/example-repo"
  }
}