Import Dependabot data
Dependabot is a GitHub service that provides vulnerability analysis of your software dependencies. You can import Dependabot findings into New Relic to achieve a single, unified view of vulnerabilities.
After completion of these steps, you will see new vulnerabilities detected by Dependabot in your New Relic account in real time and will be able to build out analytics dashboards and enable alerts on newly detected issues.
Importing Dependabot data consists of two steps:
- Send newly detected vulnerabilities in realtime to New Relic with a webhook
- A one time import of previously detected vulnerabilities through a bulk import
We recommend combining your webhook with a one-time bulk import to ensure data integrity of historical vulnerabilities.
GitHub monitors the health of webhook integrations. If you do not see a green checkmark next to the webhook in the GitHub Webhook UI, investigate the source of the error.
To confirm the integration is running, use this NRQL query to view operational events:
FROM Log SELECT * WHERE source = 'GitHub Dependabot' AND issueType IS NULL SINCE 1 day ago