ARTIFACTORY: How to integrate Github Dependabot with JFrog Artifactory

Soly Im
2022-03-24 11:52

Introduction: 

Github Dependabot can be used to automatically check for newer versions of your dependencies. This article will guide you through the process of integrating Github Dependabot with JFrog Artifactory.

Enabling Dependabot in GitHub:

Dependabot is disabled by default, so you will need to enable it manually. To enable Dependabot in your GitHub repository, click on Insights → Dependency Graph → Dependabot → Enable Dependabot.


Once Dependabot has been enabled, you can click on Create Config File.


Connecting Dependabot to Artifactory:

For Dependabot to connect to Artifactory, you will need to specify the Artifactory connection details in .github/dependabot.yml.

You can connect Dependabot to Artifactory using your login credentials or an Access Token. In this example, we will be using an Access Token. To create an Access Token, use the Create Token API.

Copy your token from Artifactory and head to your GitHub settings page. In GitHub, click on Settings → Security → Secrets → Dependabot → New Repository Secret. Paste in your Access Token and give it a name of your choice. For this example, we named our secret JFROG_AUTH_TOKEN.

Once done, you can add your desired configuration to dependabot.yml. More detailed information regarding configuration options can be found in the Dependabot configuration documentation.
You can find an example of this configuration below: 


URL: https://<servername>.jfrog.io/artifactory/api/<package_type>/<repository_name>
Token: ${{secrets.<Name_of_your_token>}}

Once done, click Save.
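The following is an added, complete dependabot.yml for an npm project, written to illustrate the URL and Token settings above; it is not the configuration shown in the original article. The registry name artifactory-npm, the repository name npm-remote and the weekly schedule are assumptions; replace <servername> with your own instance. The token is referenced only through the repository secret created above, so no credential is committed to the repository.

```yaml
# .github/dependabot.yml (added example, not the article's own file)
version: 2

registries:
  # Name used to refer to this registry from the "updates" section (assumed name)
  artifactory-npm:
    type: npm-registry
    # <package_type> is npm here; <repository_name> "npm-remote" is an assumed repository
    url: https://<servername>.jfrog.io/artifactory/api/npm/npm-remote
    # Resolved from the repository secret created in GitHub; never paste the raw token here
    token: ${{secrets.JFROG_AUTH_TOKEN}}

updates:
  - package-ecosystem: "npm"
    # Location of package.json relative to the repository root
    directory: "/"
    # Restrict Dependabot to the Artifactory registry defined above
    registries:
      - artifactory-npm
    schedule:
      interval: "weekly"
```

Because the token is read from Dependabot's own secret store, it must be added under Settings → Security → Secrets → Dependabot (not under Actions secrets), otherwise the ${{secrets.JFROG_AUTH_TOKEN}} reference resolves to nothing and the registry calls fail. Granting the token read-only access to the repository it needs keeps the blast radius small if the secret is ever exposed.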

Verifying the Connection:

To verify that Dependabot is able to connect to Artifactory successfully, head to Insights → Dependency Graph → Dependabot → Enable Dependabot → Last Checked.


You should see 200 response codes for the Artifactory registry requests in the log if the connection to Artifactory was successful; a 401 or 403 indicates the secret is missing, misnamed or the token lacks read permission on the repository.
