GitHub Dependabot - Overview
- The GitHub Dependabot plug-in imports repository vulnerability data from the GitHub server into DevOps Velocity.
- It scans for existing GitHub integrations and retrieves data only for those particular GitHub repositories.
- The plug-in works at the repository level and imports data for the entire repository.
- The GitHub Dependabot plug-in leverages the existing GitHub plug-in to scan and link against known repositories. It is highly recommended that you install and configure the existing GitHub plug-in before you install the GitHub Dependabot plug-in.
- GitHub Dependabot Alerts should be enabled for the GitHub repository. Automated pull requests generated by Dependabot will also be visible in the Value Stream.
- This is a scheduled event plug-in and runs on a timed interval. If data ever gets out of sync, please leverage the Last Initial Sync utility.
Compatibility
This plug-in requires DevOps Velocity version 2.5.0 or later. The plug-in works on top of the GitHub plug-in, so at least one GitHub integration should already exist.
Versions
DevOps Velocity plug-in images are located in DockerHub. To view available versions, see the UrbanCode DockerHub.
History
Version 1.0.2
- Syncs with the GitHub plug-in to get dependency vulnerabilities
- Shows data in the metrics bar
- Shows data in insights
- Uses GraphQL queries
- Requires a GitHub personal access token