# GitHub Dependabot Alerts Retrieves Dependabot vulnerability alerts from GitHub repositories, organizations, or enterprises. **Sync Type: Incremental** ## Requirements Before configuring this input, you need to: 1. **Create a Personal Access Token (PAT)** — [GitHub docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-personal-access-token-classic). - Go to your GitHub settings - Navigate to Developer settings > Personal access tokens > Tokens (classic) - Click "Generate new token (classic)" - Select the `security_events` scope - Copy and securely store the generated token 2. **Required Permissions**: - The PAT must have the `security_events` scope to access Dependabot alerts - For enterprise scope: You must be an enterprise admin - For organization scope: You must have admin access to the organization - For repository scope: You must have admin access to the repository 3. **GitHub Version**: - This input uses GitHub API v2026-03-10 - Minimum GitHub Enterprise Server version: GHES 3.5+ ## Configuration ### Settings | Setting | Type | Required | Description | |---------|------|----------|-------------| | source | string | Yes | Scope for fetching alerts: `enterprise`, `organization`, or `repository` | | enterprise | string | Conditional* | Enterprise slug (required when source=enterprise) | | organization | string | Conditional* | Organization name (required when source=organization) | | owner | string | Conditional* | Repository owner login (required when source=repository) | | repository | string | Conditional* | Repository name (required when source=repository) | | state | array | No | Filter alerts by state: `open`, `fixed`, `dismissed`, `auto_dismissed` | | severity | array | No | Filter alerts by severity: `low`, `medium`, `high`, `critical` | | backfill_start_time | string | No | Date to start fetching data from in RFC3339 format. If not specified, no past records will be fetched. | | use_synthetic_data | boolean | No | Generate synthetic demo data instead of connecting to the real data source | | API Rate Limit | object | No | Optional limit on the connector's outbound request rate to the source API. Leave blank to use the connector's default behavior. See [API Rate Limiting](../../../guides/rate-limiting) for the field format, limits, and how to choose a value. | *Conditional: Required based on the selected source ### Secrets | Secret | Type | Required | Description | |--------|------|----------|-------------| | personal_access_token | string | Yes | GitHub Personal Access Token with `security_events` scope | ### Filtering Behavior When using state or severity filters: - Multiple values in the same filter are combined with OR logic (e.g., `state: ["open", "fixed"]` returns open OR fixed alerts) - If you filter by a state or severity that has no matching alerts, no records are sent for that batch ## Alert States and Severity Levels ### Alert States - **open** — The alert is currently active and unresolved - **fixed** — The vulnerability has been fixed (typically by updating the dependency) - **dismissed** — The alert was manually dismissed by a user - **auto_dismissed** — The alert was automatically dismissed (e.g., dependency removed or updated) ### Severity Levels - **low** — Minor vulnerabilities with limited impact - **medium** — Moderate vulnerabilities requiring attention - **high** — Serious vulnerabilities that should be prioritized - **critical** — Critical vulnerabilities requiring immediate action ## Common Configuration Scenarios ### Monitor All Alerts in an Organization ```yaml source: "organization" organization: "my-org" # No filters — fetches all alerts (open, fixed, dismissed) ``` ### Track Only High-Risk Vulnerabilities ```yaml source: "organization" organization: "my-org" state: ["open"] severity: ["high", "critical"] ``` ### Repository-Specific Monitoring ```yaml source: "repository" owner: "my-org" repository: "critical-service" state: ["open"] # Monitors only open vulnerabilities in this specific repository ``` ### Enterprise-Wide Coverage ```yaml source: "enterprise" enterprise: "my-enterprise-slug" severity: ["critical"] # Monitors all critical vulnerabilities across the entire enterprise ``` ## Troubleshooting ### Rate Limit Errors **Error**: "rate limited by GitHub API: retry after X seconds" **Solution**: - The input automatically handles rate limiting by respecting GitHub's retry-after headers - If you're hitting limits, consider: - Using more specific filters (e.g., filter by severity or state) - Running syncs at off-peak hours - Checking if other integrations are using the same token ### Authentication Errors **Error**: "invalid credentials - please verify your personal access token" **Solution**: - Verify the PAT hasn't expired - Ensure the PAT has the `security_events` scope - Confirm the PAT is valid and properly formatted **Error**: "insufficient permissions - token requires security_events scope" **Solution**: - Regenerate the PAT with the `security_events` scope enabled - Verify the token has appropriate access to the selected enterprise, organization, or repository ### No Data Retrieved **Error**: No alerts are synced despite configuration appearing correct **Solutions**: - Verify the enterprise slug, organization name, owner, or repository name is correct - Check if there are actually alerts in the selected scope - Confirm you have appropriate permissions (admin access required) - If using filters, verify the filter criteria match existing alerts - Check if alerts are outside your backfill_start_time window ### Connection Test Failures **Error**: "not found - verify your [scope] name and access permissions" **Solution**: - For enterprise: Verify you are an enterprise admin and the slug is correct - For organization: Verify the organization exists and you have admin access - For repository: Verify the owner/repo combination is correct and you have admin access - Ensure your PAT grants access to the specified resource ## Related Articles - [GitHub Dependabot Documentation](https://docs.github.com/en/code-security/dependabot) - [GitHub REST API Rate Limits](https://docs.github.com/en/rest/using-the-rest-api/rate-limits-for-the-rest-api) - [GitHub Personal Access Tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) - [Dependabot Alerts API Reference](https://docs.github.com/en/rest/dependabot/alerts) ## Sample Record ```json { "number": 42, "state": "open", "url": "https://api.github.com/repos/example-org/example-repo/dependabot/alerts/42", "html_url": "https://github.com/example-org/example-repo/security/dependabot/42", "created_at": "2026-04-15T10:30:00Z", "updated_at": "2026-04-30T14:45:22Z", "dismissed_at": null, "dismissed_by": null, "dismissed_reason": null, "dismissed_comment": null, "fixed_at": null, "auto_dismissed_at": null, "dependency": { "package": { "ecosystem": "npm", "name": "lodash" }, "manifest_path": "package.json", "scope": "runtime" }, "security_advisory": { "ghsa_id": "GHSA-35jh-r3h4-6jhm", "cve_id": "CVE-2021-23337", "summary": "Prototype Pollution in lodash", "description": "Versions of lodash before 4.7.11 are vulnerable to Prototype Pollution, allowing attackers to modify the prototype chain and execute arbitrary code.", "severity": "high", "cvss": { "score": 6.1, "vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, "cwes": [ { "cwe_id": "CWE-1321", "name": "Improperly Controlled Modification of Object Prototype Attributes and Methods" } ], "identifiers": [ { "value": "CVE-2021-23337", "type": "CVE" }, { "value": "GHSA-35jh-r3h4-6jhm", "type": "GHSA" } ], "references": [ { "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337" } ], "published_at": "2021-02-14T17:22:00Z", "updated_at": "2023-07-10T12:45:00Z", "withdrawn_at": null, "vulnerabilities": [ { "package": { "ecosystem": "npm", "name": "lodash" }, "severity": "high", "vulnerable_version_range": "< 4.7.11", "first_patched_version": { "identifier": "4.7.11" } } ] }, "security_vulnerability": { "package": { "ecosystem": "npm", "name": "lodash" }, "severity": "high", "vulnerable_version_range": "< 4.7.11", "first_patched_version": { "identifier": "4.7.11" } }, "repository": { "id": 123456789, "name": "example-repo", "full_name": "example-org/example-repo", "private": true, "html_url": "https://github.com/example-org/example-repo" } } ```