With this integration enabled, Boost will retrieve Dependabot alerts from all projects it has access to.
For the integration to work, Dependabot alerts must be enabled in GitHub for each repository Boost has access to; a repository with Dependabot disabled has no alerts for Boost to retrieve.
To enable the integration, toggle the switch next to the GitHub organization name on the Integrations page.
Dependabot findings match the following rules and can be added to your violation policy, or used as a filter in the Findings browser.
- Dependency with a Critical Risk Vulnerability
- Dependency with a High Risk Vulnerability
- Dependency with a Moderate Risk Vulnerability
- Dependency with a Low Risk Vulnerability
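The two preconditions above (Dependabot enabled on each repository, and alert severities mapped onto the four Boost rules) can be checked from the GitHub REST API before you flip the toggle. The script below is an added example, not Boost's or GitHub's own code: it calls the `vulnerability-alerts` endpoint (204 when Dependabot alerts are enabled, 404 when they are not) and the `dependabot/alerts` endpoint, and counts open alerts per Boost rule. GitHub's API reports the severity Boost calls "Moderate" as `medium`. The organization name `acme`, the repositories `web` and `legacy`, and the canned responses in `SAMPLE` are constructed so the script runs offline; with `GITHUB_TOKEN` set to a token that can read the repositories' security alerts it queries the live API instead.

```python
"""Audit Dependabot status and open alerts per Boost rule (added example)."""
import json
import os
import urllib.error
import urllib.request

API = "https://api.github.com"

# Boost's four Dependabot rules keyed by GitHub's API severity values.
# GitHub's API says "medium" where its UI and Boost say "Moderate".
SEVERITY_TO_RULE = {
    "critical": "Dependency with a Critical Risk Vulnerability",
    "high": "Dependency with a High Risk Vulnerability",
    "medium": "Dependency with a Moderate Risk Vulnerability",
    "low": "Dependency with a Low Risk Vulnerability",
}
UNMAPPED = "unmapped severity"  # never silently drop an alert we cannot classify


def github_get(path, token):
    """GET an API path with a bearer token; return (status, parsed JSON or None)."""
    req = urllib.request.Request(API + path, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "X-GitHub-Api-Version": "2022-11-28",
    })
    try:
        with urllib.request.urlopen(req) as resp:
            body = resp.read()
            return resp.status, (json.loads(body) if body else None)
    except urllib.error.HTTPError as err:
        return err.code, None


def dependabot_enabled(owner, repo, get):
    """GitHub answers 204 when Dependabot alerts are enabled, 404 when they are
    disabled or the token cannot see the repository."""
    status, _ = get(f"/repos/{owner}/{repo}/vulnerability-alerts")
    return status == 204


def open_alerts(owner, repo, get):
    """Page through open Dependabot alerts (100 per page) until a short page."""
    alerts, page = [], 1
    while True:
        status, batch = get(
            f"/repos/{owner}/{repo}/dependabot/alerts?state=open&per_page=100&page={page}")
        if status != 200 or not batch:
            break
        alerts.extend(batch)
        if len(batch) < 100:
            break
        page += 1
    return alerts


def bucket_alerts(alerts):
    """Count open alerts per Boost rule; the state check is defensive, since
    the query above already asks for open alerts only."""
    counts = {rule: 0 for rule in SEVERITY_TO_RULE.values()}
    counts[UNMAPPED] = 0
    for alert in alerts:
        if alert.get("state") != "open":
            continue
        severity = alert.get("security_advisory", {}).get("severity")
        counts[SEVERITY_TO_RULE.get(severity, UNMAPPED)] += 1
    return counts


def audit(owner, repos, get):
    """Map each repository to its per-rule counts, or None if Dependabot is off."""
    report = {}
    for repo in repos:
        if not dependabot_enabled(owner, repo, get):
            report[repo] = None
            continue
        report[repo] = bucket_alerts(open_alerts(owner, repo, get))
    return report


# Constructed sample responses standing in for the GitHub API (offline run):
# "web" has Dependabot enabled with three open alerts, "legacy" has it disabled.
SAMPLE = {
    "/repos/acme/web/vulnerability-alerts": (204, None),
    "/repos/acme/web/dependabot/alerts?state=open&per_page=100&page=1": (200, [
        {"number": 1, "state": "open", "security_advisory": {"severity": "critical"}},
        {"number": 2, "state": "open", "security_advisory": {"severity": "medium"}},
        {"number": 3, "state": "open", "security_advisory": {"severity": "medium"}},
    ]),
    "/repos/acme/legacy/vulnerability-alerts": (404, None),
}


def sample_get(path):
    return SAMPLE.get(path, (404, None))


if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    get = (lambda p: github_get(p, token)) if token else sample_get
    for repo, result in audit("acme", ["web", "legacy"], get).items():
        if result is None:
            print(f"{repo}: Dependabot alerts DISABLED (Boost will see nothing)")
        else:
            print(f"{repo}: " + ", ".join(f"{k}={v}" for k, v in result.items() if v))
```

A repository reported as `None` is the case the note above warns about: Boost will retrieve nothing from it until Dependabot alerts are enabled in GitHub.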
Note: Boost does not perform a Dependabot scan on pull requests. Once the integration is enabled, the scan runs only on a push to the main branch, so developers will not see Dependabot warnings in pull requests.