Summary
The GitHub Dependabot plugin imports repository vulnerability data from GitHub server into HCL Accelerate. It scans for existing GitHub integrations and retrieves data only for those particular GitHub repositories. The Plugin works on repository level and imports data for entire repository.
Compatibility
This plugin is compatible with HCL Accelerate version 2.4.x or later. The plugin works on top of GitHub Plugin so at least one GitHub integration should be already there.
Usage
To use the GitHub Dependabot plugin, the plugin must be loaded only if you an existing GitHub integration. The GitHub Dependabot data is imported only if Dependabot alerts are enabled for the repository.
Integration type
The GitHub Dependabot plugin supports scheduled event integration which are listed in the following table.
Scheduled events
Name |
Description |
syncDependabotDataEvent |
Queries the GitHub Dependabot alerts for the repository. |
Integration
The method to integrate the plugin:
The tables in the Configuration properties topic describe the properties used to define the integration.
Using the user interface
- From the Plugins page, click Settings > Integrations > Plugins.
- Under the Action column for the plugin, click Add Integration.
- On the Add Integration page enter values for the fields used to configure the integration and define communication.
- Click Save.
Configuration Properties
The following tables describe the properties used to configure the integration.
- The General Configuration Properties table describes configuration properties used by all plugin integrations.
- The GitHub Dependabot Configuration Properties table describes the GitHub Dependabot configuration properties that define the connection and communications with the GitHub server.
Some properties might not be displayed in the user interface, to see all properties enable the Show Hidden Properties field.
General Configuration properties
Name |
Description |
Required |
Property Name |
Integration Name |
An assigned name to the value stream. |
Yes |
name |
Logging Level |
The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace. |
No |
loggingLevel |
HCL Accelerate User Access Key |
An auto-generated user access key provides credentials for communicating with the HCL Accelerate server. |
Yes |
NA |
GitHub Dependabot Plugin Properties
Name |
Type |
Description |
Required |
Personal Access Token |
String |
The token to use to authenticate with the GitHub repository. |
Yes |
API URL (GraphQL Endpoint Url) |
String |
For GitHub Enterprise edition, replace it with Enterprise GraphQL endpoint. Example: http(s)://[hostname]/api/graphql or use the default value. (Default value : https://api.github.com/graphql) |
Yes |
Repositories |
Array |
List of GitHub repositories as comma separated, Use either Repositories field or name field to specify the repositories. |
No |