GitHub Dependabot can be used to automatically check for newer versions of your dependencies. This article will guide you through the process of integrating GitHub Dependabot with JFrog Artifactory.
Enabling Dependabot in GitHub:
Dependabot is disabled by default, so you will need to enable it manually. To enable Dependabot in your GitHub repository, click on Insights → Dependency Graph → Dependabot → Enable Dependabot.
Once Dependabot has been enabled, you can click on Create Config File.
Connecting Dependabot to Artifactory:
For Dependabot to connect to Artifactory, you will need to specify the Artifactory connection details in .github/dependabot.yml.
You can connect Dependabot to Artifactory using your login credentials or an access token. In this example, we will be using an access token. To create an access token, please use the Create Token API.
Copy your token from Artifactory and head to your GitHub settings page. In GitHub, click on Settings → Security → Secret → Dependabot → New Repository Secret. Paste in your access token and give it a name of your choice. For this example, we named our token JFROG_AUTH_TOKEN.
Once done, you can add your desired configuration to dependabot.yml. More detailed information regarding configuration options can be found in this document.
You can find an example of this configuration below:
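A minimal dependabot.yml for this setup, as an added example rather than the article's own configuration. It assumes an npm project, a hypothetical Artifactory host example.jfrog.io and a hypothetical virtual repository named npm-virtual, and it reads the token from the JFROG_AUTH_TOKEN Dependabot secret created above.

```yaml
# .github/dependabot.yml
# Added example. The host name and repository key below are placeholders;
# replace them with the values for your own Artifactory instance.
version: 2

registries:
  artifactory-npm:                 # label chosen for this example
    type: npm-registry
    # Placeholder URL: Artifactory exposes npm repositories under /api/npm/<repo-key>/
    url: https://example.jfrog.io/artifactory/api/npm/npm-virtual/
    # Reference the Dependabot secret by name; never paste the token itself here.
    token: ${{ secrets.JFROG_AUTH_TOKEN }}
    # Resolve packages through Artifactory instead of the public npm registry,
    # so version checks do not fall back to the public index.
    replaces-base: true

updates:
  - package-ecosystem: "npm"
    directory: "/"                 # location of package.json in the repository
    registries:
      - artifactory-npm            # only the registries listed here are used for this entry
    schedule:
      interval: "weekly"
```

The token is stored as a Dependabot secret rather than an Actions secret because Dependabot reads its registry credentials only from its own secret store.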
Once done, click save.
Verifying the Connection:
To verify that Dependabot is able to successfully connect to Artifactory, please head to Insights → Dependency Graph → Dependabot → Enable Dependabot → Last Checked.
You should see 200 response codes in the log if the connection to Artifactory was successful: